Zoom is routing video conference calls, keys via servers in China

Researchers from Citizen Lab at University of Toronto found that some Zoom calls are being routed through servers in China, along with conference encryption and decryption keys used to secure those calls.

By: INDO ASIAN NEWS SERVICE
| Updated on: Apr 04 2020, 18:23 IST
Researchers from Citizen Lab at University of Toronto found that some Zoom calls are being routed through servers in China, along with conference encryption and decryption keys used to secure those calls.
Researchers from Citizen Lab at University of Toronto found that some Zoom calls are being routed through servers in China, along with conference encryption and decryption keys used to secure those calls. (Zoom)

US-based video meeting app Zoom courted a fresh controversy when security researchers from Citizen Lab at University of Toronto found that some Zoom calls are being routed through servers in China, along with conference encryption and decryption keys used to secure those calls.

According to the researchers, Zoom appears to own three companies in China through which at least 700 employees are paid to develop Zoom's software.

You may be interested in

MobilesTablets Laptops
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Vivo X100 Pro 5G
  • Asteroid Black
  • 16 GB RAM
  • 512 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

"Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities,' said the team.

Also read
Looking for a smartphone? To check mobile finder click here.

During its analysis, the security researchers also identified a security issue with Zoom's Waiting Room feature.

"Assessing that the issue presented a risk to users, we have initiated a responsible vulnerability disclosure process with Zoom. We are not currently providing public information about the issue to prevent it from being abused," the team said in a detailed statement on Friday.

Also Read: Zoom app vulnerable to cyber attacks, issues advisory on safety measures: CERT-India

While the mainline Zoom app (zoom.us) was reportedly blocked in China in November 2019, there are several third-party Chinese companies that sell the Zoom app within China (zoom.cn, zoomvip.cn, zoomcloud.cn).

Citizen Lab said it has initiated a responsible disclosure process with Zoom over Waiting Room vulnerability.

"We hope that the company will quickly act to patch and provide an advisory. In the meantime, we advise Zoom users who desire confidentiality to not use Zoom Waiting Rooms".

The rapid uptake of teleconference platforms such as Zoom, without proper vetting, potentially puts trade secrets, state secrets, and human rights defenders at risk.

"Companies and individuals might erroneously assume that because a company is publicly listed or is a major household name, that this means the app is designed using security best practices. As we showed in this report, that assumption is false," said Citizen Lab.

A TechCrunch report said on Saturday that Zoom "mistakenly" allowed two of its Chinese data centers to accept calls as a backup in the event of network congestion.

Also Read: Zoom apologises for privacy issues, announces a 90-day feature freeze

"During normal operations, Zoom clients attempt to connect to a series of primary datacenters in or near a user's region, and if those multiple connection attempts fail due to network congestion or other issues, clients will reach out to two secondary datacenters off of a list of several secondary datacenters as a potential backup bridge to the Zoom platform," explained Zoom Founder and CEO Eric Yuan.

Yuan has already apologized for the privacy and security issues or "Zoom-bombing" being reported in his app that has seen a surge in usage globally as people work from home during lockdowns.

Slammed for the lack of users privacy and security by the US Federal Bureau of Investigation (FBI) and cybersecurity experts, reports claimed this week that the video conferencing app Zoom is also prone to hacking.

The Zoom CEO said that over the next 90 days, the company is committed to dedicating the resources needed to better identify, address, and fix issues proactively to "maintain your trust".

In March this year, the use base on Zoom reached more than 200 million daily meeting participants, both free and paid.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 04 Apr, 18:23 IST
NEXT ARTICLE BEGINS