
Zoom’s encryption has links to China, researchers discover

275 points by ddebernardy about 5 years ago

17 comments

dang about 5 years ago
It seems like the root node of this article graph is https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/, which is being discussed here: https://news.ycombinator.com/item?id=22768494

Matthew Green's article is being discussed here: https://news.ycombinator.com/item?id=22771193
meowface about 5 years ago
I'd recommend reading the original Citizen Lab article as well, which discusses the flaws more specifically. This Intercept article is good, but seems to be aimed at more of a general, less-technical audience.

https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/

At the very least, they are validating TLS certificates. (Which I know is the true bare minimum requirement of TLS, but "goto fail" and all...)

> We set up mitmproxy to intercept the TLS traffic and configured the Zoom Linux client to route its TLS traffic through mitmproxy. Fortunately, the Zoom client did appear to warn us that the fake TLS certificates generated by mitmproxy were untrusted.
t0mas88 about 5 years ago
And another case of lying in marketing: "A security white paper from the company claims that Zoom meetings are protected using 256-bit AES keys, but the Citizen Lab researchers confirmed the keys in use are actually only 128-bit."

How do they keep doing this? Do they just put whatever sells best in the documents and implement something else? First the end2end thing, now 128 instead of 256 bits. How many more are we going to find in the coming days?
itcrowd about 5 years ago
The story here is that Zoom uses key distribution servers located in China (in addition to several servers in the USA) and that Chinese law might be compelling Zoom to disclose the encryption keys. I think it is a valid concern, but for me it also raises the question of whether this may also be required in the US.

In addition to letting the Chinese (and possibly US) government in on the encryption keys, the encryption scheme is also badly broken (ECB mode of AES). Prof. Matthew Green has written many articles about AES and encryption more generally and I recommend his blog if you are interested (even as a lay person).

https://blog.cryptographyengineering.com/2011/12/01/how-not-to-use-symmetric-encryption/
_-___________-_ about 5 years ago
Maybe I've been sensitised by all the security flaws, privacy leaks and outright lies on Zoom's part, but I'm starting to really notice how much a lot of public figures are pushing Zoom.

Does anyone else find it really weird? Late-night TV hosts, I can understand - maybe they just get paid for it, or have Zoom shares. But for example UK government leaders repeatedly mentioning it by name, e.g. Matt Hancock saying that despite being unwell, Boris Johnson is still having "Zoom videoconferences", or saying Johnson addressed his "Zoom cabinet", just feels... weird.

Edited to add: thinking about it more, I remember "FaceTime" being used pretty similarly when it was new. So I guess all the bad news is just sensitising me.
jalk about 5 years ago
OT: My kids' school uses Zoom atm. Been connecting using the web client at https://zoom.us/wc/join/<meetingid without dashes>. Today however those links are returning 403 Forbidden (even tried multi). My knee-jerk reaction was that they have some way of capitalizing on installed software which they can't on the web-client. But of course it could simply be that the web-client requires more server resources and they now have to curb its usage.
tonyztan about 5 years ago
Original title: Zoom's Encryption is “Not Suited for Secrets” and Has Surprising Links to China
turowicz about 5 years ago
I always knew that "zoom.us" is a dodgy name for an installation file. As if someone was going to extra lengths to make sure you think it's a US company.
fock about 5 years ago
Well, that a large majority of the developers are not native speakers seems highly likely if you only look at the output of the `zoom.sh` startup script.

No pun intended.
dogman144 about 5 years ago
"home grown encryption scheme" seems to imply Zoom is rolling its own crypto, which is tremendously foolish.

That isn't exactly the case, per the same article. More that Zoom is choosing a poor choice among other choices for implementing AES:

"Furthermore, Zoom encrypts and decrypts with AES using an algorithm called Electronic Codebook (ECB) mode, “which is well-understood to be a bad idea, because this mode of encryption preserves patterns in the input,” according to the Citizen Lab researchers. In fact, ECB is considered the worst of AES's available modes."

Bad idea but not "rolling own crypto bad"

edit: agree it's bad. This is pointing out inaccuracies in language from tech journalism reporting on security. This continues to be an issue per the miseducation it creates for the general public in infosec concepts, which is already an uphill battle of misconceptions. Since these articles, or AG Barr, are the discussions that actually hit the mainstream, it's an issue that needs to be corrected. Tech journalism, a profession focused on 'getting the facts,' is the direct conduit of this version of miseducation/failure of facts, and should be corrected. See: NY Times Baltimore Ransomware = NSA Tool (false), Bloomberg Supermicro (false, so far), etc.
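The ECB weakness that itcrowd and dogman144 discuss above (ECB "preserves patterns in the input") can be measured directly. The following is an added example, not code from the thread, from Zoom or from Citizen Lab: it encrypts a constructed plaintext of 64 identical blocks (standing in for a flat region of a video frame) with AES-128 in ECB and in CBC, and counts how many distinct ciphertext blocks each mode produces. Go's standard library deliberately has no ECB mode, so the ECB loop is written by hand; the key and zero IV are constructed demo values, not real ones.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// ecbEncrypt applies AES to each 16-byte block independently. Go's stdlib
// deliberately has no ECB mode, so it is hand-written here to show the flaw.
func ecbEncrypt(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i+16 <= len(plaintext); i += 16 {
		block.Encrypt(out[i:i+16], plaintext[i:i+16])
	}
	return out
}

// cbcEncrypt chains blocks through an IV, so equal plaintext blocks differ in output.
func cbcEncrypt(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out
}

// distinctBlocks counts unique ciphertext blocks; a low count means leaked structure.
func distinctBlocks(ct []byte) int {
	seen := map[string]bool{}
	for i := 0; i+16 <= len(ct); i += 16 {
		seen[string(ct[i:i+16])] = true
	}
	return len(seen)
}

func main() {
	key := []byte("constructed-key!") // constructed 16-byte demo key, not a real one
	iv := make([]byte, 16)            // all-zero IV: acceptable only for this deterministic demo
	frame := bytes.Repeat([]byte("0123456789abcdef"), 64) // constructed: 64 identical blocks
	fmt.Println("ECB distinct blocks:", distinctBlocks(ecbEncrypt(key, frame)))
	fmt.Println("CBC distinct blocks:", distinctBlocks(cbcEncrypt(key, iv, frame)))
}
```

ECB yields a single repeated ciphertext block for the whole frame, so an observer can see the plaintext's structure without the key; CBC (or an AEAD mode such as GCM) yields 64 different blocks.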
t0mas88 about 5 years ago
Keyservers in China may be a risk, but this sounds like a terrible idea: "The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme"
kerng about 5 years ago
It would be good for the title to contain that the encryption they use is broken.
senderista about 5 years ago
It’s hard to take the rest of the article seriously when they criticize Zoom for using 128-bit AES.
aabbcc1241 about 5 years ago
Why is it surprising? I heard Zoom is China based despite its domain name having .us
Markoff about 5 years ago
The founder is Chinese, they have 700 employees in China; does anyone really consider this a non-Chinese app?
AsyncAwait about 5 years ago
I've really grown to dislike the "China == bad" thing. Yes, they're domestically authoritarian, and without excusing any of it, I like to act on hard evidence, not hearsay. I am stunned that after the Bloomberg fiasco these kinds of stories didn't take a hit.

P.S. Personally, I don't consider the NSA having my data as being any better, thank you.

EDIT: Just to be clear, I don't think Zoom's encryption claims should be trusted, but it's not because CHINAAA, it's because they're misleading people into thinking TLS means E2E.
upofadown about 5 years ago
OK, this makes things clearer. Zoom does in fact encrypt their streams from client to client, but they have easy access to the keys.

In their recent post about this question they apologize for what they admit to be an incorrect use of the phrase "end to end encryption". They base this on the existence of things like the gateways used to the regular telephone network.

It seems like an odd way to spin this. Why didn't they just state that the data is encrypted "end to end" and then leave it at that? Apple supposedly has access to the keys used to encrypt FaceTime calls but they happily invoke the "end to end encryption" marketing phrase. I don't see why Zoom couldn't do the same. The way Zoom has handled this could have been a lot better.

I think the world needs a consumer standard for cryptography. Something like:

* Level 1 for the case where any eavesdropper can get the plain text.
* Level 2 for when just the provider can get the plain text.
* Level 3 for when just the users can get the plain text.

Most of what is being described as "end to end encrypted" these days is really just level 2, even in the case where the provider does not have the keys, due to the fact that the provider can trivially MITM the traffic. The general public should be made aware of the distinction without having to dig into the technical details.