After video conferencing app Zoom’s security flaws were exposed in a recent report by Citizen Lab, all eyes have been on the company. The fact that Zoom has servers in China from which encryption keys are sent to users all around the world raises the possibility that Beijing might be able to snoop on video calls. Now, officials from the intelligence community have highlighted that the service poses a grave problem.
The security threat
Cybercriminals, especially from China, have been actively targeting the U.S. with greater intensity in recent times. “More than anyone else, the Chinese are interested in what American companies are doing,” an anonymous U.S. intelligence official said to Time. One avenue targeted by Chinese hackers is the Zoom video conferencing service. Though intelligence officials admit that there is no solid proof linking Zoom with the Chinese government, some of the features of the application can make it less secure than other alternatives.
The matter was also discussed among lawmakers, with the Senate sergeant at arms’ cybersecurity division sending an email to Senate offices warning that services like Zoom have been classified as “high-risk.” The application was said to potentially compromise systems, cause data loss, and fail to follow strict privacy rules. The sergeant at arms instructed lawmakers to use services like “Skype for Business” rather than Zoom when they need to make video calls.
The company has been trying to control the PR nightmare, stating that they had “mistakenly” routed calls through Chinese servers. Zoom has even introduced a new feature that will give paid users the ability to choose the servers through which their calls will be routed. As such, if any user wishes to avoid Chinese data centers, they are now fully capable of doing so. However, given that the company already admitted to committing a “mistake,” users might think it safer to use alternate services rather than risk being subjected to such “mistakes” yet again. As they say, business is all about trust. Once that trust is broken, it can be quite difficult to mend it.
Meanwhile, cybersecurity company Cyble reported finding more than 500,000 Zoom accounts being sold through hacker forums and the dark web. A team of hackers has also apparently found two critical exploits that can be used to spy on Zoom calls. They are being sold on the black market for US$500,000. A lawsuit has been brought against Facebook for allegedly “eavesdropping” on the personal data of Zoom users. Facebook has denied the allegations.
The FBI has issued a warning for Zoom users after a slew of complaints about conferences being disrupted by third parties who play threatening messages or pornographic content. Known as Zoom-bombing, the issue became a hot topic after an online class being conducted at a high school in Massachusetts was interfered with by a third party who shouted profanity at the teacher. The person apparently showed himself and his swastika tattoos.
The FBI advisory asks people not to make any meetings or classrooms public and to ensure that all meetings require a password so that only authorized people can join the conversation. It also asks users not to share teleconference links on social media, and to check the “screensharing” options and change the setting to “Host Only.” People who are victims of Zoom-bombing can report the crime at www.ic3.gov.