Express Computer
Home  »  News  »  Zoom has been routing video conferencing calls, keys through servers in China

Zoom has been routing video conferencing calls, keys through servers in China

According to the researchers, Zoom appears to own three companies in China through which at least 700 employees are paid to develop Zoom's software.

0 329

US-based video meeting app Zoom courted a fresh controversy when security researchers from Citizen Lab at the University of Toronto found that some Zoom calls are being routed through servers in China, along with conference encryption and decryption keys used to secure those calls.

According to the researchers, Zoom appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software.

“Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities,’ said the team.

During its analysis, the security researchers also identified a security issue with Zoom’s Waiting Room feature.

“Assessing that the issue presented a risk to users, we have initiated a responsible vulnerability disclosure process with Zoom. We are not currently providing public information about the issue to prevent it from being abused,” the team said in a detailed statement on Friday.

While the mainline Zoom app (zoom.us) was reportedly blocked in China in November 2019, there are several third-party Chinese companies that sell the Zoom app within China (zoom.cn, zoomvip.cn, zoomcloud.cn).

Citizen Lab said it has initiated a responsible disclosure process with Zoom over Waiting Room vulnerability.

“We hope that the company will quickly act to patch and provide an advisory. In the meantime, we advise Zoom users who desire confidentiality to not use Zoom Waiting Rooms”.

The rapid uptake of teleconference platforms such as Zoom, without proper vetting, potentially puts trade secrets, state secrets, and human rights defenders at risk.

“Companies and individuals might erroneously assume that because a company is publicly listed or is a major household name, that this means the app is designed using security best practices. As we showed in this report, that assumption is false,” said Citizen Lab.

A TechCrunch report said on Saturday that Zoom “mistakenly” allowed two of its Chinese data centers to accept calls as a backup in the event of network congestion.

“During normal operations, Zoom clients attempt to connect to a series of primary datacenters in or near a user’s region, and if those multiple connection attempts fail due to network congestion or other issues, clients will reach out to two secondary datacenters off of a list of several secondary datacenters as a potential backup bridge to the Zoom platform,” explained Zoom Founder and CEO Eric Yuan.

Yuan has already apologized for the privacy and security issues or “Zoom-bombing” being reported in his app that has seen a surge in usage globally as people work from home during lockdowns.

Slammed for the lack of users privacy and security by the US Federal Bureau of Investigation (FBI) and cybersecurity experts, reports claimed this week that the video conferencing app Zoom is also prone to hacking.

The Zoom CEO said that over the next 90 days, the company is committed to dedicating the resources needed to better identify, address, and fix issues proactively to “maintain your trust”.

In March this year, the use base on Zoom reached more than 200 million daily meeting participants, both free and paid.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image