Mike Phillips
Active member
- Dec 5, 2022
Software Experts? - ZOOM is Malware?
So yesterday I downloaded ZOOM software so Yancy and I can do some form of online webinar. This morning, I scan a few of my favorite news sites and start finding articles that there are software problems with the ZOOM software.
I figure some of our members are probably pretty savvy in this area, so would anyone want to take it upon themselves to read some of the info I've shared below and give us their opinion?
Here's the first article....
A quick look at the confidentiality of ZOOM meetings
The above is a long but in-depth look at the ZOOM software. If you scroll down to bullet item #5, here's a summary:
5. Conclusion: Not Suited for Secrets
Zoom’s product is user-friendly and has rapidly grown its user base during the COVID-19 pandemic by “just working.” Zoom’s fast growing user base, combined with marketing language around encryption and security, have attracted many sensitive conversations. This sudden popularity likely puts the product in the crosshairs of government intelligence agencies and cyber criminals.
Questionable Crypto & Encryption Keys Sent to Beijing
Unfortunately for those hoping for privacy, the implementation of call security in Zoom may not match its exceptional usability. We determined that the Zoom app uses non-industry-standard cryptographic techniques with identifiable weaknesses. In addition, during multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China.
An app with easily-identifiable limitations in cryptography, security issues, and offshore servers located in China which handle meeting keys presents a clear target to reasonably well-resourced nation state attackers, including the People’s Republic of China.
Our report comes amidst a number of other recent research findings and lawsuits identifying other potential security and privacy concerns with the Zoom app. In addition, advocacy groups have also pointed out that Zoom lacks a transparency report, a critical step towards addressing concerns arising when companies have access to sensitive user data. Zoom has just stated (April 2nd, 2020) that it will release such a report within 90 days.
As a result of these troubling security issues, we discourage the use of Zoom at this time for use cases that require strong privacy and confidentiality, including:
- Governments worried about espionage
- Businesses concerned about cybercrime and industrial espionage
- Healthcare providers handling sensitive patient information
- Activists, lawyers, and journalists working on sensitive topics
For those using Zoom to keep in touch with friends, hold social events, or organize courses or lectures that they might otherwise hold in a public or semi-public venue, our findings should not necessarily be concerning.
For those who have no choice but to use Zoom, including in contexts where secrets may be shared, we speculate that the browser plugin may have some marginally better security properties, as data transmission occurs over TLS.
Worse yet - according to
So while Yancy and I don't fall into any of the above 4 categories, I don't like the idea of having software on my [brand new] laptop sending Autogeek's info to anywhere.
Also - can't find it at this moment, but I read somewhere that it cannot be completely uninstalled.
:dunno: