Zoom ‘unsuitable’ for government secrets, researchers say

Newsexplored
3rd April 2020
Image (copyright AFP): the Zoom interface with many of the UK's cabinet ministers present, including the prime minister. Caption: The UK Cabinet has been meeting via Zoom – something researchers say may not be ideal

The hugely popular video meetings app Zoom has “significant weaknesses” which might make it unsuitable for secrets.

A team at The Citizen Lab found that Zoom was using a non-standard type of encryption, and transmitting information through China.

Government use – such as Boris Johnson’s use of the app for Cabinet meetings – may not be wise, the researchers warned.

But the app is fine for keeping in touch for most people, they said.

Until recently, Zoom was used mainly by large businesses for video conference calls. But the explosion in users during the coronavirus pandemic has created “a new gold rush for cyber-spies”, The Citizen Lab’s report said.

It warned that Zoom “may not be suitable” for:

  • Governments and businesses worried about espionage
  • Healthcare providers handling sensitive patient information
  • Activists, lawyers and journalists working on sensitive topics

But for people using Zoom for contacting friends, holding social events or organising courses or lectures, “our findings should not necessarily be concerning”, the report said.

Analysis: Still fine for most

By Joe Tidy, Cyber-security Reporter

Zoom says there are now 200 million meetings held on it every day, and despite the serious flaws uncovered in this latest report, it’s probably safe to say that 199 million of them are not in danger.

The Citizen Lab has shown compelling evidence here that it is possible to collect all the data of a video meeting and then partially unscramble it to find out, roughly, what was said and what was seen.


However, it would take a huge amount of time and effort for a hacker to achieve this – and it simply wouldn’t be worth the effort for an average work huddle or friendly pub quiz held on the service. It’s the high-level talks at company board level, or in government, that will be targeted.

The government has been led by the National Cyber Security Centre and other security experts on this since the beginning. The goal has always been to allow for open and smooth communications to take place, but this research may well lead to the advice on Zoom changing fast.

“Zoom has made the classic mistake of designing and implementing their own encryption scheme, rather than using one of the existing standards for encrypting voice and video content,” said Bill Marczak, a Research Fellow at The Citizen Lab.

“To be sure, Zoom’s encryption is better than none at all, but users expecting their Zoom meetings to be safe from espionage should think twice before using the app to discuss sensitive information.”

The research has not taken the security services in the UK by surprise and it is understood that a project is working “at pace” to adapt existing communication systems to the demands of home working and security.


The UK’s National Cyber Security Centre issued a statement saying: “Zoom is being used to enable unclassified crisis COVID-19 communications in the current unprecedented circumstances. Assured services are in place for more sensitive communications and the provision of these services is being widened given the demands of much greater remote working.”

The government is not disclosing which meetings are eligible for Zoom and which ones are not. As an example, the BBC was told that Zoom is safe for Cabinet-level discussions but not for emergency Cobra meetings.

A Chinese ‘heart’ for the US company

Aside from the encryption standards, the researchers also found that Zoom sends traffic to China – even when all the people in a Zoom meeting are outside of China.

“During multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China,” the report said.

Image (copyright EPA). Caption: Zoom remains hugely popular despite the concerns expressed in some quarters

The report also pointed to the strong involvement of Chinese firms in the company. Zoom has its headquarters in the US, but has about 700 employees across three companies in mainland China working on the app’s development.


“Running development out of China likely saves Zoom having to pay Silicon Valley salaries, reducing their expenses and increasing their profit margin. However, this arrangement could also open up Zoom to pressure from Chinese authorities,” the report said.

A ‘roll your own’ approach

The team said there are mixed and confusing messages around the type of encryption that Zoom actually uses.

In some places, it tells users that it uses “end-to-end” encryption – the gold standard for secure messaging, which makes it impossible for the service, or any other middlemen, to access data. In its documentation, Zoom has said it uses a type of encryption called AES-256.

But the researchers said this is not true. Instead, Zoom has “rolled their own” encryption – using a variant of something called AES-128 in “ECB mode”.

Among security researchers, ECB mode “is well understood to be a bad idea”, because it preserves some of the patterns of the original, the report said.

Image (copyright Wikimedia). Caption: The report highlighted that “ECB mode” preserves patterns, and is “a bad idea”
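
The pattern leak the report describes comes from the mode rather than from AES itself. As an added illustration (not code from The Citizen Lab report or from Zoom), this Python sketch encrypts a constructed frame in ECB and in counter mode and marks which ciphertext blocks repeat; the 16-byte cipher is a stand-in Feistel construction over SHA-256, not AES, and the key, nonce and frame are constructed values.

```python
import hashlib
from collections import Counter

BLOCK = 16  # block size in bytes, same as AES

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 16-byte block cipher (4-round Feistel over SHA-256), NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted independently with the same key."""
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode: each block is XORed with a fresh keystream block."""
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        stream = encrypt_block(key, nonce + n.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], stream))
    return bytes(out)

def sample_frame() -> bytes:
    """Constructed 16-row 'frame', 4 blocks per row: flat background, small object."""
    rows = []
    for y in range(16):
        row = bytearray(b"\x20" * 64)          # flat background
        if 6 <= y < 10:                        # object occupies the middle blocks
            row[16:48] = bytes((y * 32 + x) % 256 for x in range(32))
        rows.append(bytes(row))
    return b"".join(rows)

def pattern_map(ciphertext: bytes, blocks_per_row: int = 4) -> list:
    """Mark ciphertext blocks that occur more than once ('#') versus unique ('.')."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    seen = Counter(blocks)
    marks = "".join("#" if seen[b] > 1 else "." for b in blocks)
    return [marks[i:i + blocks_per_row] for i in range(0, len(marks), blocks_per_row)]

if __name__ == "__main__":
    key, nonce = b"constructed-key!", b"nonce-01"  # constructed sample values
    print("ECB:", *pattern_map(ecb_encrypt(key, sample_frame())), sep="\n")
    print("CTR:", *pattern_map(ctr_encrypt(key, nonce, sample_frame())), sep="\n")
```

In the ECB output the outline of the object is readable from the ciphertext alone (rows 6 to 9 show `#..#`, the rest `####`), while the counter-mode output contains no repeated blocks.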

The report also says that Zoom does not use end-to-end encryption “as most people understand the term”. Instead, it uses “transport” encryption between devices and servers.

“Because Zoom does not implement true end-to-end encryption, they have the theoretical ability to decrypt and monitor Zoom calls,” the report said. But it noted that Zoom itself has already addressed this concern, promising that they have never built such a mechanism, even if it is theoretically possible.

During their research, the team was able to extract a still image from a video meeting using the encryption key.

Zoom clarified its encryption policy on 1 April, apologising for incorrectly suggesting that meetings were capable of end-to-end encryption.

It also moved to quell fears about privacy and security issues, promising to spend the next 90 days exclusively working on “trust, safety, and privacy issues”.

Alan Woodward, a professor of computer science at Surrey University, told the BBC that a major fix is needed.

“I don’t believe this is something that Zoom can just add to their list of jobs to do in the next 90 days. It’s possible, but this requires a re-engineering of the way they encrypt their calls, so it’s a major undertaking.”

Prof Woodward added: “I would not use Zoom for any sensitive or secret discussions.”
