Zoom is easily one of the most popular video conferencing apps with over 300 million users as of this month. As more and more people are using the service to stay in touch with others amid the coronavirus outbreak, a number of security and privacy issues have plagued Zoom. Now, the most recent concern raised by the US Department of Homeland Security is that Zoom could be vulnerable to foreign surveillance. An analysis by the US federal agency seems to hint at surveillance issues that may have risen due to the development work on Zoom done in China.
The federal intelligence analysis was reportedly obtained by ABC News and it highlights the critical security issue that puts Zoom users at risk. The analysis was done by Cyber Mission and Counterintelligence Mission centres of the US Department of Homeland Security (US DHS). It states that some of the development work on Zoom is done in China and that “China's access to Zoom servers makes Beijing uniquely positioned to target US public and private sector users.” According to ABC News, an analyst shared that hackers could deploy malware using Zoom which could make a users' computer prone to a security breach.
However, the report does not detail the malwares or how these might be deployed through Zoom.
A Zoom spokesperson reportedly responded to these allegations and said that this analysis is inaccurate and “heavily misinformed”. The spokesperson added that the authors of the analysis did not verify the accuracy of these claims with Zoom that would have helped them to understand the real facts.
Responding to the issue of Zoom development in China, the spokesperson assured that developers in China do not have access to Zoom's production environment. They cannot make substantive changes to the platform or access any meeting content.”
Regarding the malware issue, the spokesperson stated that Zoom “has layered safeguards, robust cybersecurity protection, and internal controls in place to prevent unauthorised access to data.”
The Zoom spokesperson reportedly revealed that Zoom's systems have geo-fencing around China to ensure that meeting data for users outside China is not routed through servers in China. The video conferencing service has 17 data centres around the world but only one of them is in China. Additionally, all of the Zoom source code is stored in the United States, the spokesperson added.
According to ABC News, the analysis also warns users of Zoom to evaluate the risk before using the video conferencing service.
There seems to be a lot of uncertainty regarding these claims as Zoom executives have denied these surveillance concerns. However, this doesn't mean that the service is free from privacy and security issues. In the recent past, there have been reports suggesting phishing campaigns on Zoom, hacked accounts on sale, and critical exploits.
How are we staying sane during this Coronavirus lockdown? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.