12 May 2020
US Intel Officials warn that Americans are being targeted by foreign spies on Zoom and other video chat platforms.
We have been following the saga that is Zoom security since the beginning of the work-from-home boom stemming from the pandemic, and even as Zoom attempts to update its security, more bad press keeps popping up.
We had cybercriminals going on phishing expeditions and “Zoombombing” businesses, which was bad enough, but now cyberspies are getting into the mix… especially those from China, who have a vested interest in spying on US businesses. And Zoom is very attractive to Chinese virtual spies, especially after it was made known in early April that Zoom’s weaknesses favor China, seeing as not only were encryption keys actually routed through servers in China, but the fact that Zoom is reliant on Chinese labor, it could make the newly popular business somewhat vulnerable from the pressure of Chinese politicians.
It is important to note that as of this moment, China has not compromised Zoom, at least not knowingly, but the Zoom security issues that have been uncovered leave the company at higher risk than its counterparts, and that it appears that spies are combing the vulnerable app for potentially sensitive conversations, especially surrounding finances, business and product development, leads and intellectual properties. They are seemingly focusing on educational, corporate and government meetings.
As such, US authorities have issued a warning about discussing such sensitive information on Zoom or any other video conferencing app. In fact, late last week the Senate’s Sergeant-at-Arms warned fellow senators not to use Zoom.
In response to this negative press, Zoom is publicly promising to address and fix these vulnerabilities in their security, including updating their encryption, which was not, as they initially stated, actually “end-to-end.” Which is a problem, considering that even though Zoom is a San Jose-based company, they were keeping at least some of their decryption keys on a server in China, even though the conversations were occurring in North America.
Which isn’t too surprising because even though its headquarters are located in CA, most of the development occurred in China. And though they don’t really appear to be apologizing for their less-than-lackluster security, they do appear to be taking steps to tighten up. In fact, Eric Yuan, Zoom’s CEO, has been in contact with the former chief security officer at Facebook and Yahoo, Alex Stamos, about working together to beef up security.
But will that be enough? Only time will tell. Several senators and states’ attorney generals have begun asking around about Zoom and how they handled their security. It looks like this saga is far from over.
We here at Petronella Technology Group recommend that you take control of the security in your home office – do not rely on an app to keep you safe. A great way to begin layering your cyber security at home is by downloading our Free Remote Security Checklist. And as always, you can schedule an appointment by clicking here, or give us a call at 919-422-2607.