Move Fast and Roll Your Own Crypto
During the outbreak, the whole economy went through a rough patch. A few organizations thrived, however, and one such company is Zoom.
When the pandemic was at its peak, people had to move from their offices to working from home, and had to do so overnight. One company that made communication simple was Zoom, and it is also a topic of discussion.
Thousands of people reported security glitches and Zoom remained ignorant. For those who don't know, Zoom does not use a standard encryption protocol. The company has its own bespoke version of encryption that is not safe.
Zoom’s Own Crypto
A security company did a security audit of Zoom's encryption standard, and the results are shocking. Zoom's video conferencing is not as safe as people think, and this report covers all the issues.
According to the reports, Zoom uses its own bespoke encryption standard, which is why it is not very secure. Zoom's overall architecture has some issues that people should know about.
If you read Zoom's official documentation, you will find that the firm claims to have end-to-end protection. Zoom also claims that it uses standard AES-256 encryption for user safety, but that's not true. According to the research, the Zoom app only uses AES-128 key-based security, which is not enough by any means.
For many years, several people have shed light on the issues they face while using Zoom. With the sudden surge in Zoom's user base, the issues saw massive growth. Zoom has security issues in its screen-sharing options, and it is also believed that Zoom shares details with Facebook.
But the main concern here is that the company has left some bugs open to make the UI easier to use. To reduce latency in meetings, Zoom has been diluting security and privacy.
One such issue is that Zoom installs a web server on Macs without the user's consent. The company is rolling its own crypto, which is not standard practice, but still there are no changes.
Another major issue that several people are still facing is Zoom Bombing. For those who don't know, if the meeting's invite link is public, then anyone can join or even hack the meeting slot.
Once the session is in the hacker's hands, the host of the meeting loses control. This is a serious issue that people were facing, but the company has now solved it. One major question is how, despite being a very high-tech company, they missed this issue in their testing.
Many security experts claim that the engineers left this issue unsolved to allow people to join meetings with ease. But this 'feature' turned out to be a serious bug, and hackers exploited it and took sensitive data.
Zoom communication is not end-to-end
Zoom drew criticism from cyber experts for claiming to be an end-to-end app, but the truth is something else. Zoom has made several unclear claims that its platform is end-to-end, but the recent reports deny it.
When it came to light that Zoom is not peer-to-peer, the company came up with a weird concept that is hard to digest. In the end-to-end concept, the data between sender and receiver stays encrypted to any third party. But in Zoom's case, they use TLS for their encryption, and it's not good industry practice.
According to Zoom, its end-to-end means that all conference members (but not those using public telephone networks) are under encryption. This means that if someone uses a telephone network to access Zoom, their data is not end-to-end safe.
Zoom encryption for sensitive discussion
Zoom's security protocol described above raises serious concern in the world of technology. This is because not only ordinary people but also diplomats are using online meetings. Many political leaders used Zoom during the lockdown, and their sensitive data did not have the protection it should have had.
Zoom's servers are also located in China, and security experts believe that the data is also accessible to China's authorities. This is a serious issue because no sensitive data then remains a secret anymore. When the company was asked in a press conference what kind of data it shares with the government, it did not give any clear answer.
Zoom as a target
Due to the open and 'welcoming' loopholes in Zoom's system, it has become a goldmine for hackers. As all the world leaders are also using Zoom, it has become easy for hackers to break into protocols. This is because the analysis reports of this platform are available to the public. This loophole of Zoom is leading to phone hacking of VIPs.
Hackers were tracking several people's phone numbers using Zoom's security gaps, and only a few people were aware of this fact. When this issue came to light, Zoom rolled out an update, but several experts had no trust in it.
Many agencies sent open letters to the company about the security status of its platform. But Zoom didn't give a clear answer to any of the open letters.
Zoom's bespoke crypto channel and security issues
It's not hard to guess that Zoom is still not using standard security protocols. As Zoom's roots are very deep in China, security experts believe that Zoom's intention in using its own security is not for a good cause.
Standard security rules are open source, and anyone can access and review them; it's not the same with Zoom. The company is using its own bespoke version of the RTP standard, which is not safe for sure. Zoom's use of its own crypto channel over the available public solutions is a big concern.
The security councils' protocols and ideal test cases are open to the public, but the company's current systems are not following any of them. This again casts Zoom in a bad light for putting everyone at risk.
Zoom's crypto plan is not safe
According to recent reports, Zoom's bespoke cryptographic plan is not safe by any means. For very high-level video calls, such as political leaders' discussions, Zoom is not a safe option.
According to the reports, the waiting room of this app is open to hackers as it has no security. Yes, the analysis company has said not to use Zoom's waiting feature. Instead of the waiting feature, experts suggest using password-protected calls.
Even if you are calling your family members or kids, make sure you have enabled password protection to secure everyone. Many servers operate from China, which makes the security concern even bigger.
There was no good alternative to Zoom available when the pandemic took place. This forced many people, including diplomats, to use it. Those who expect privacy on Zoom need to seek a different platform.
Zoom is not the right option for protecting your privacy online, and many security reports have proved it. Use Zoom with great care and avoid using it for highly sensitive data exchange.