If we didn’t have anything else to worry about, we’re starting to see a lot — and we mean, a lot — of warning that the online video conference platform Zoom that everyone is using is quite possibly a danger to national security.
Elon Musk, for example, banned it for SpaceX over “significant privacy and security concerns”:
SpaceX banned its employees from using Zoom to video chat, citing “significant privacy and security concerns" just a few days after the FBI issued a warning that Zoom teleconferences could be hijacked—a practice known as "Zoom-bombing."https://t.co/gw9NE0j3tr
— Michael Sheetz (@thesheetztweetz) April 2, 2020
Thomas Rid, a professor at Johns Hopkins goes further and says Zoom created “awe-inspiring intelligence collection opportunities”:
COVID-19 has created—and continues to create—awe-inspiring intelligence collection opportunities.
Zoom would be a big part of that intelligence bonanza.
⬇️— Thomas Rid (@RidT) April 1, 2020
Think about how much traffic is going over Zoom right now for a second:
Ex-NSA director Hayden revealed in 2016 how the US Air Force was hitting fibre optic cable heads during the invasion of Iraq to “herd” high-value signals into the sky, where comms could be intercepted more easily.
COVID is herding high-value signals into Zoom (and other apps)
— Thomas Rid (@RidT) April 1, 2020
Think of all the sensitive stuff being discussed:
The virus is forcing an unprecedented number of leaders and managers to work from home, across all sectors, in business and in government, everywhere. Sensitive meetings of course didn’t stop; they moved to new platforms. The most important platform today is Zoom.
— Thomas Rid (@RidT) April 1, 2020
Now read how their security is BS:
Now, Zoom says it’s end-to-end encrypted — in fact Zoom is not end-to-end encrypted.
This deceptive labelling means some, likely many users consider the platform more secure than it is. Outstanding reporting here by https://t.co/xnv1mvAMi5
— Thomas Rid (@RidT) April 1, 2020
The security is so bad, pranksters are already “zoom bombing” broadcasts:
I mean, the problem of third parties *openly* sneaking into Zoom meetings is so pervasive that the FBI’s Boston field office has warned of “zoom bombing” in classrooms https://t.co/8M8bWbXRdK
— Thomas Rid (@RidT) April 1, 2020
China is pretty good at this stuff:
Now, China has highly capable intelligence agencies, with innovative tactics in signals intelligence and human intelligence collection.
Highly capable intelligence agencies have long targeted communication service providers in creative ways https://t.co/1wXv9KQQzN
— Thomas Rid (@RidT) April 1, 2020
And GUESS WHERE ZOOM’S TECH PEOPLE ARE LOCATED:
Nearly one third of Zoom’s employees are in China (“more than 700”).
Yes, Zoom’s product development team is located in China.
Source: Zoom’s SEC filings (most recent 10-K). pic.twitter.com/DPagJfFexE
— Thomas Rid (@RidT) April 1, 2020
One of the reasons Zoom is so popular is because of how well it integrates into your computer. Well, that’s because, as Princeton professor Arvind Narayanan points out, “Zoom is malware” and works like malware:
Let's make this simple: Zoom is malware. https://t.co/xkJDaP4OoK
— Arvind Narayanan (@random_walker) March 31, 2020
Using malware techniques seems part of Zoom's DNA. Recently Zoom was caught secretly installing web servers on users' machines that allowed any website to forcibly join a user to a Zoom call, with their camera on, without consent. https://t.co/vShpK40zxy
— Arvind Narayanan (@random_walker) March 31, 2020
It’s a “privacy disaster”:
Zoom is also a privacy disaster https://t.co/OKY3J6rzQa
The creepiest feature is attention tracking. If it's on, it reports to the host if a user clicks away from the Zoom window for 30 seconds. As we all know, your boss constantly watching your screen is a great way to work.
— Arvind Narayanan (@random_walker) March 31, 2020
The larger story is Zoom selling users out to appeal to its real customers: managers & companies. It tries hard to "just work"—crucial when there are 50 people on a call—even at the cost of acting like malware. And however misguided attention tracking is, there's a demand for it.
— Arvind Narayanan (@random_walker) March 31, 2020
Well, enjoy that personalized background!
Yes, there are alternatives, but it's scary how dominant Zoom has become so quickly during the crisis. The fact that decisions are made at the enterprise level, combined with the usual network effects, means that individuals have basically zero power to choose not to use Zoom. ?
— Arvind Narayanan (@random_walker) March 31, 2020
***
Join the conversation as a VIP Member