Zoom's encryption has 'serious, well-known weaknesses', according to report
What you need to know
- More concerning security issues have been found within popular video-conferencing app Zoom.
- They include an encryption vulnerability, servers in China, and an automated tool that can find 100 Zoom meeting IDs an hour.
- Zoom has already publicly apologized for previous issues, vowing to freeze new features for 90 days whilst it issues fixes.
Two separate reports have revealed further issues within popular video-conferencing app Zoom.
First up, a report from The Verge notes that a security professional has used an automated tool that can scour meetings to find ones that are not protected by passwords. Apparently, it was able to find 2,400 calls in a single day, extracting a link to meeting, date, time, organizer and meeting topic information. From the report:
Automated Zoom conference meeting finder 'zWarDial' discovers ~100 meetings per hour that aren't protected by passwords. The tool also has prompted Zoom to investigate whether its password-by-default approach might be malfunctioning https://t.co/dXNq6KUYb3 pic.twitter.com/h0vB1Cp9TbAutomated Zoom conference meeting finder 'zWarDial' discovers ~100 meetings per hour that aren't protected by passwords. The tool also has prompted Zoom to investigate whether its password-by-default approach might be malfunctioning https://t.co/dXNq6KUYb3 pic.twitter.com/h0vB1Cp9Tb— briankrebs (@briankrebs) April 2, 2020April 2, 2020
In a statement to The Verge regarding this issue Zoom said:
A second separate report from The Intercept published today claims that Zoom's encryption algorithm has "serious, well-known weaknesses" and that keys are being issued by servers sometimes based in China, even if all the participants are based in the US.
Zoom has not commented further on this issue, which was also reported by Forbes who note:
Security concerns regarding Zoom are now seemingly well noted in the community. The encouraging sign is that Zoom has taken notice, apologized and vowed to fix all of these issues over the next 90 days, freezing new features in the meantime.
Get the Android Central Newsletter
Instant access to breaking news, the hottest reviews, great deals and helpful tips.