- Zoom has been found prone to foreign surveillance.
- The US Department of Homeland Security has issued the intel.
- Zoom has responded to the concerns of DHS.
Zoom sits atop the concerns around privacy and security currently as people switched to connecting via video meetings amid lockdown. The video conferencing app has repeatedly tried to put off the privacy-related fallacies but has ultimately failed to convince security advocates. New intel on how Zoom works claims it could be prone to foreign surveillance. The surveillance could be monitored by various government agencies around the world, including that of China. The latest analysis has also urged organisations using Zoom "to carefully consider the risk" and check if they should continue using the app. The latest warning comes days after the FBI issued an advisory on using Zoom as a means to communicate for Americans.
In a federal intelligence report, claimed to have been obtained by ABC News, outlines fears over using Zoom across organisations in the US and outside of it. The analysis was issued by the centres of Cyber Mission and Counterintelligence Mission under the Department of Homeland Security and circulated to other law enforcement and government agencies in the US. The sudden spike in the usage of the video conferencing app has created a safe haven for hackers to exploit and harvest data. These hackers "likely will identify new or existing vulnerabilities" in Zoom to gain unauthorised access to user accounts and their devices. Exploits in user accounts could lead them to access corporate networks surreptitiously.
Although Zoom has claimed to have patched security flaws in its app, the hackers will not be deterred because of the delays in the process of patching. "The patching process is undermined by actors who often capitalize on delays and develop exploits based on the vulnerability and available patches," noted ABC News in its report, citing the intelligence report by the DHS. The report also noted the popularity of Zoom has "skyrocketed" with lockdown in effect in several countries, forcing people to take up remotely-managed meetings on video. "Zoom's sudden immense growth and use across both public and private sector entities in combination with its highly publicized cybersecurity issues creates a vulnerable, target-rich environment," noted the report.
A Zoom spokesperson told ABC News that the intelligence report is " heavily misinformed, includes blatant inaccuracies about Zoom's operations, and the authors themselves admit only 'moderate confidence' in their own reporting." The spokesperson further added, "We are disappointed the authors did not engage with Zoom to verify the accuracy of these claims and understand the real facts about Zoom."
The DHS intelligence report has specifically mentioned the development work for Zoom that is carried out in China as one of the major concerns. China has a strict intellectual property regulation, which makes it hard for companies to open the coding and allow other countries from "using Zoom vulnerabilities to achieve their objectives." The access given to China makes the country "uniquely positioned to target US public and private sector users," the analysis report has outlined. On top of the concerns laid out by DHS, other analysts have believed that malicious actors could use Zoom's system to "deploy malware", efficient enough to "make a third party's computer system susceptible to a security breach."
In response to the concerns regarding cybersecurity, the Zoom spokesperson told ABC News that the company "has layered safeguards, robust cybersecurity protection, and internal controls in place to prevent unauthorized access to data." Furthermore, the spokesperson assured that the developers in China do not have access to the environment used by Zoom for video meetings, including administrative rights to make important and crucial changes to the app and access the content of video meetings. Previously, a report by security researchers claimed Zoom routed some of the calls to the Chinese data servers without intimation. Zoom later clarified it happened "mistakenly" as Zoom clients connected to the next available data server, which was in China, to optimise the network traffic influx due to the surge in video calls.