A recent analysis of the Zoom video conferencing application revealed that the keys used to encrypt and decrypt meetings may be sent to servers in China, even if all participants are located in other countries.
As a result of its increasing popularity caused by the COVID-19 coronavirus outbreak, Zoom has come under scrutiny from cybersecurity and privacy experts. The company has updated its privacy policy, patched some potentially serious vulnerabilities, and it has promised to take measures to address some of the concerns.
Zoom also recently clarified that its definition of “end-to-end encryption” is different from the one of the cybersecurity community. End-to-end encryption typically means that communications are protected in a way that ensures no one — except for the sender and the recipient — can access the data being transmitted. If end-to-end encryption is used, not even the service provider should have access to unencrypted data.
However, in the case of Zoom, only communications between meeting participants and Zoom servers are encrypted, which gives the company access to unencrypted data and allows it to monitor conversations. Zoom, however, claims that it has “never built a mechanism to decrypt live meetings for lawful intercept purposes.”
An analysis conducted by University of Toronto's Citizen Lab research group revealed that this is not the only issue related to encryption when it comes to Zoom. During test meetings conducted by users in Canada and the United States, researchers noticed that the key used to encrypt and decrypt the video conference was sent to a server apparently located in Beijing, China.
“A scan shows a t ..
Support the originator by clicking the read the rest link below.
