Researchers at the University of Toronto have raised questions about the cybersecurity of the popular teleconference app Zoom and its links to China.
Employees, teachers and students around the world have been forced to work remotely due to the coronavirus pandemic and Zoom has benefitted financially from this massive shift towards videoconferencing.
While other companies falter on the stock market, Zoom Video shares have skyrocketed by up to 84% this year.
A research report by Bill Marczak and John Scott-Railton from the University of Toronto’s Citizen Lab highlighted several issues surrounding Zoom’s encryption methods and discovered that some calls were being routed through China.
“A company primarily catering to North American clients that sometimes distributes encryption keys through servers in China is potentially concerning, given that Zoom may be legally obligated to disclose these keys to authorities in China,” wrote Marczak and Scott-Railton.
According to the report, the Zoom app is developed by three Chinese companies, all called “Ruanshi Software.” While two of the companies are in fact owned by Zoom, one is owned by a Chinese company called “American Cloud Video Software Technology Co., Ltd.”
As of June 2017, the Cybersecurity Law of the People’s Republic of China legally requires companies to collaborate with government intelligence operations. Other Chinese tech companies like Huawei and TikTok have been scrutinized in the past due to their potential adherence to the law.
Marczak and Scott-Railton point out that the wide-spread use of teleconferencing has attracted state actors with the prospect of cyberespionage.
“Zoom’s success has led it to attract conversations that are of high priority interest to multiple governments. We suspect that this makes Zoom a high priority target for signals intelligence (SIGINT) gathering and targeted intrusion operations,” claim Marczak and Scott-Railton.
The New York City Department of Education has already decided to ban the software after the security flaws were exposed and calls were subject to intrusion by hackers and trolls.
Zoom has since admitted that some calls on the platform were “mistakenly” routed through Chinese servers.
“In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly — starting in China, where the outbreak began,” said Zoom CEO Eric Yuan.
“In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect.”