Meetings on Zoom, the increasingly
popular video conferencing service, are encrypted using an algorithm
with serious, well-known weaknesses, and sometimes using keys issued by
servers in China, even when meeting participants are all in North
America, according to researchers at the University of Toronto.
The
researchers also found that Zoom protects video and audio content using
a home-grown encryption scheme, that there is a vulnerability in Zoom’s
“waiting room” feature, and that Zoom appears to have at least 700
employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab
— widely followed in information security circles — that Zoom’s service
is “not suited for secrets” and that it may be legally obligated to
disclose encryption keys to Chinese authorities and “responsive to
pressure” from them.Zoom could not be reached for comment. more
4/15/2020 UPDATE - More top companies ban Zoom following security fears. more