Meetings on Zoom, the increasingly popular video conferencing service, are encrypted using AES in a mode of operation (ECB) with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto.

The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom’s “waiting room” feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab — widely followed in information security circles — that Zoom’s service is “not suited for secrets” and that it may be legally obligated to disclose encryption keys to Chinese authorities and “responsive to pressure” from them. Zoom could not be reached for comment.

Generating Encryption Keys in China

Earlier this week, The Intercept reported that Zoom was misleading users in its claim to support end-to-end encryption, in which no one but participants can decrypt a conversation. Zoom’s Chief Product Officer Oded Gal later wrote a blog post in which he apologized on behalf of the company “for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption.” The post went on to detail what encryption the company does use.


Based on a reading of that blog post and Citizen Lab’s research, here is how Zoom meetings appear to work: When you start a Zoom meeting, the Zoom software running on your device fetches a key with which to encrypt audio and video. This key comes from Zoom’s cloud infrastructure, which contains servers around the world. Specifically, it comes from a type of server known as a “key management system,” which generates encryption keys and distributes them to meeting participants. Each user gets the same, shared key as they join the meeting. It is transmitted from the key management system to the Zoom software on their devices over TLS, the same protocol that protects “https” websites. TLS protects the key while it is in transit, but it does not change the fact that Zoom’s server generated the key and therefore knows it. Depending on how the meeting is set up, some servers in Zoom’s cloud called “connectors” may also get a copy of this key. For example, if someone calls in on the phone, they’re actually calling a “Zoom Telephony Connector” server, which gets sent a copy of the key because it has to bridge the encrypted meeting audio onto an ordinary phone line.

Some of the key management systems — 5 out of 73, in a Citizen Lab scan — seem to be located in China, with the rest in the United States. Interestingly, the Chinese servers are at least sometimes used for Zoom chats that have no nexus in China. The two Citizen Lab researchers who authored the report, Bill Marczak and John Scott-Railton, live in the United States and Canada. During a test call between the two, the shared meeting encryption key “was sent to one of the participants over TLS from a Zoom server apparently located in Beijing,” according to the report. The report points out that Zoom may be legally obligated to share encryption keys with Chinese authorities if the keys are generated on a key management server hosted in China.
If the Chinese authorities or any other hypothetical attacker with access to a key wants to spy on a Zoom meeting, they also need to either monitor the internet access of a participant in the meeting, or monitor the network inside the Zoom cloud. Once they collect the encrypted meeting traffic, they can use the key to decrypt it and recover the video and audio.

Encryption Flaws: The Worst of AES

Citizen Lab flagged as worrisome not only the system used to distribute Zoom encryption keys but also the keys themselves and the way they are used to encrypt data. Zoom encrypts meeting media with the widely used Advanced Encryption Standard, or AES, a block cipher that always processes data in 16-byte blocks and accepts keys of 128, 192 or 256 bits. A security white paper from the company claims that Zoom meetings are protected using 256-bit AES keys, but the Citizen Lab researchers confirmed the keys in use are actually only 128-bit. Such keys are still considered secure today, but over the last decade many companies have been moving to 256-bit keys instead. Furthermore, Zoom applies AES in Electronic Codebook, or ECB, mode, “which is well-understood to be a bad idea, because this mode of encryption preserves patterns in the input,” according to the Citizen Lab researchers. ECB is the weakest of the standard block-cipher modes. Here’s why: in ECB, each 16-byte block of plaintext is encrypted on its own with the same key, with nothing tying one block to the next, so two identical plaintext blocks always produce identical ciphertext blocks. Properly encrypted data should be impossible to tell apart from completely random data, such as static on a radio, but ECB output fails this test: any repetition in the unencrypted data, such as the uniform background of a video frame, shows up as repetition in the encrypted data. A longer key would not fix this, because the leak comes from the mode of operation, not from the key size. This Wikipedia page has a useful illustration to visualize this:

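To make the ECB problem concrete, here is an added example (not code from the article or from Zoom) that encrypts a constructed stand-in for a video frame under AES-128 in ECB mode and, with the same key, in CTR mode, then counts how many distinct ciphertext blocks each produces. The key and the frame contents are made up for the demonstration; Go’s standard library has no ECB helper, so the example applies the raw block cipher block by block, which is exactly what ECB is. It also shows that anyone holding the shared key, such as the attacker described above who has captured the traffic, recovers the plaintext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Result summarises one run of compareModes.
type Result struct {
	KeyBits       int  // AES key length in bits (a 16-byte key is AES-128)
	PlainBlocks   int  // number of 16-byte blocks in the sample frame
	DistinctPlain int  // distinct plaintext blocks
	DistinctECB   int  // distinct ciphertext blocks under ECB (mirrors DistinctPlain)
	DistinctCTR   int  // distinct ciphertext blocks under CTR (equals PlainBlocks)
	KeyRecovers   bool // holder of the shared key decrypts the ECB traffic
}

// sampleKey is a constructed 128-bit key standing in for the one a key
// management server hands to every participant. Not a real Zoom key.
func sampleKey() []byte { return []byte("0123456789abcdef") }

// sampleFrame is a constructed stand-in for a video frame: a uniform
// background (the same 16-byte block repeated) plus two distinct blocks.
func sampleFrame() []byte {
	frame := bytes.Repeat([]byte("background-pix16"), 6)
	frame = append(frame, []byte("foreground-A-blk")...)
	return append(frame, []byte("foreground-B-blk")...)
}

// ecbEncrypt runs the raw block cipher over each block independently.
// Go's standard library deliberately offers no ECB helper; this is all ECB is.
func ecbEncrypt(block cipher.Block, plaintext []byte) []byte {
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		panic("ecbEncrypt: input must be a multiple of the block size")
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out
}

// ecbDecrypt is the inverse: anyone with the key reverses each block.
func ecbDecrypt(block cipher.Block, ciphertext []byte) []byte {
	bs := block.BlockSize()
	out := make([]byte, len(ciphertext))
	for i := 0; i < len(ciphertext); i += bs {
		block.Decrypt(out[i:i+bs], ciphertext[i:i+bs])
	}
	return out
}

// ctrEncrypt encrypts with AES-CTR under a fresh random nonce that is
// prepended to the output. Equal plaintext blocks no longer encrypt alike.
func ctrEncrypt(block cipher.Block, plaintext []byte) []byte {
	bs := block.BlockSize()
	out := make([]byte, bs+len(plaintext))
	if _, err := io.ReadFull(rand.Reader, out[:bs]); err != nil {
		panic(err)
	}
	cipher.NewCTR(block, out[:bs]).XORKeyStream(out[bs:], plaintext)
	return out
}

// countDistinctBlocks counts how many distinct bs-byte blocks appear in data.
func countDistinctBlocks(data []byte, bs int) int {
	seen := make(map[string]struct{})
	for i := 0; i+bs <= len(data); i += bs {
		seen[string(data[i:i+bs])] = struct{}{}
	}
	return len(seen)
}

// compareModes encrypts frame under ECB and CTR with the same key and reports
// how much of the plaintext's block structure each ciphertext reveals.
func compareModes(key, frame []byte) Result {
	block, err := aes.NewCipher(key) // 16, 24 or 32 bytes selects AES-128/192/256
	if err != nil {
		panic(err)
	}
	bs := block.BlockSize()
	ecb := ecbEncrypt(block, frame)
	ctr := ctrEncrypt(block, frame)
	return Result{
		KeyBits:       len(key) * 8,
		PlainBlocks:   len(frame) / bs,
		DistinctPlain: countDistinctBlocks(frame, bs),
		DistinctECB:   countDistinctBlocks(ecb, bs),
		DistinctCTR:   countDistinctBlocks(ctr[bs:], bs), // skip the nonce
		KeyRecovers:   bytes.Equal(ecbDecrypt(block, ecb), frame),
	}
}

func main() {
	fmt.Printf("%+v\n", compareModes(sampleKey(), sampleFrame()))
}
```

Running it reports eight plaintext blocks of which three are distinct; the ECB ciphertext likewise has exactly three distinct blocks, so an eavesdropper can see where the frame repeats without the key, while the CTR ciphertext has eight distinct blocks. Swapping in a 32-byte key (AES-256) changes KeyBits to 256 and nothing else, which is the point about key length above.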

Once it has been poorly encrypted in this manner, video and audio data is distributed to all participants in a meeting through a Zoom Multimedia Router server. For most users, this server runs in Zoom’s cloud, but customers can choose to host this part on-premises. In this case, Zoom will still generate, and thus have access to, the AES key that encrypts the meeting, but it shouldn’t have access to the meeting content itself, so long as none of the aforementioned “connector” servers (for phone calls and so forth) are participating in the meeting, since those connectors hold a copy of the key and handle the media inside Zoom’s cloud. (In its blog post, Zoom said self-hosting customers will eventually be able to manage their own encryption keys.)

Meeting hosts can set their meetings to have virtual “waiting rooms,” making it so that users do not directly enter the meeting when they log on with Zoom but instead must wait to be admitted by the host. The Citizen Lab researchers discovered a security vulnerability with this feature while conducting their encryption analysis. They said in their report that they have disclosed the vulnerability to Zoom but that “we are not currently providing public information about the issue to prevent it from being abused.” In the meantime, the researchers advised Zoom users who desire confidentiality to avoid using waiting rooms and instead set passwords on meetings.

Corrective Moves By Zoom

The newly uncovered flaws in Zoom’s encryption may be troubling for many of the company’s customers. Since the coronavirus outbreak started, Zoom’s customer base has surged from 10 million users to 200 million, including “over 90,000 schools across 20 countries,” according to a blog post by Zoom CEO Eric Yuan. The U.S. government recently spent $1.3 million on Zoom contracts as part of its response to the pandemic, according to a review of government contracts by Forbes, and the U.K. government has been using Zoom for remote Cabinet meetings, according to a tweet from Prime Minister Boris Johnson.

This morning I chaired the first ever digital Cabinet.

Our message to the public is: stay at home, protect the NHS, save lives. #StayHomeSaveLives pic.twitter.com/pgeRc3FHIp — Boris Johnson #StayHomeSaveLives (@BorisJohnson) March 31, 2020

Among those who should be concerned about Zoom’s security issues, according to Citizen Lab, are “governments worried about espionage” and “businesses concerned about cybercrime and industrial espionage.” Despite a recent flood of security and privacy failures, Yuan, Zoom’s CEO, appears to be listening to feedback and making a real effort to improve the service. “These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform. Dedicated journalists and security researchers have also helped to identify pre-existing ones,” Yuan wrote in his blog post. “We appreciate the scrutiny and questions we have been getting — about how the service works, about our infrastructure and capacity, and about our privacy and security policies.”

Kudos to @zoom_us: https://t.co/nU84c5fPcE

In *one* day:
- "Released a fix for the UNC link issue"
- "Released fixes for both Mac-related issues"

Promise to:
- Engage in pen-tests
- Improve bug bounty program
- Enact feature freeze to focus on safety/privacy issues

pic.twitter.com/92JrOv5TVN — patrick wardle (@patrickwardle) April 2, 2020