Zoom apologizes for routing some calls made in N. America through China, says it “mistakenly” allowed Chinese data centers to accept calls due to traffic spike
Hours after security researchers at Citizen Lab reported that some Zoom calls were routed through China …
TechCrunch Zack Whittaker
Related Coverage
- Move Fast & Roll Your Own Crypto The Citizen Lab
- Response to Research From University of Toronto's Citizen Lab Zoom Blog · Eric S. Yuan
- TechCrunch: ‘Zoom Admits Some Calls Were Routed Through China by Mistake’ Daring Fireball · John Gruber
- Zoom's Encryption is Tied to China, Raises More Concerns Wccftech · Furqan Shahid
- Does Zoom use end-to-end encryption? A Few Thoughts … · Matthew Green
- Keys Used to Encrypt Zoom Meetings Sent to China: Researchers SecurityWeek · Eduard Kovacs
- Zoom admits it routed some calls through China by mistake MSPoweruser · Anmol
- Zoom admits to routing some US calls through China BetaNews · Mark Wyciślik-Wilson
- Rep. McNerney and Colleagues Push Zoom for Answers About the Company's Privacy Practices Congressman Jerry McNerney
- Zoom turns on passwords, waiting rooms by default to plug privacy holes Digital Trends · Meira Gebel
- Zoom explains calls going through China Seeking Alpha · Clark Schultz
- PhoneBoy Speaks Ep 1280: Zoom Under The Microscope The PhoneBoy Blog
- Why Most Should Avoid The ‘Out Of Control’ Zoom Right Now Forbes · Patrick Moorhead
- Zoom vows to spend next 90 days thinking hard about its security and privacy after rough week … The Register · Simon Sharwood
- Zoom will enable waiting rooms by default to keep trolls out Engadget · Mariella Moon
- Zoom will turn on waiting rooms by default to prevent “zoombombing” Neowin · Usman Khan Lodhi
- Zoom enables waiting rooms by default to prevent Zoombombing MSPoweruser · Anmol
- States probe Zoom for possible privacy violations after officials' calls are Zoombombed CNBC · Lauren Feiner
- Use Zoom? Here Are 7 Essential Steps You Can Take To Secure It Forbes · Kate O'Flaherty
- Federal, State, and Local Law Enforcement Warn Against Teleconferencing Hacking During Coronavirus Pandemic U.S. Department of Justice
- DOJ says Zoom-bombing is a crime ZDNet · Catalin Cimpanu
- US attorney and FBI warn that ‘Zoom bombing’ is a federal offense TechSpot · Cal Jeffrey
- Beware! ‘Zoombombing’ is a federal offence that can lead to imprisonment Pocketnow · Lee Kelly
- Here's everything you need to know about Zoombombing The Daily Dot · Siobhan Ball
- Zoom adds new security and privacy measures to prevent Zoombombing The Verge · Jay Peters
- Instagram, Twitter used to organize harassment campaigns on Zoom CNET · Queenie Wong
- Multiple state AGs looking into Zoom's privacy practices Politico · Cristiano Lima
- A Must For Millions, Zoom Has A Dark Side — And An FBI Warning NPR · Shannon Bond
- SpaceX bans its employees using Zoom over privacy concerns, report says Fox News · James Rogers
- Quick Turnaround From Zoom on Mac Issues, But Their Story Is Bullshit Daring Fireball · John Gruber
- ProBeat: What we've learned so far from Zoom's big boom VentureBeat · Emil Protalinski
- Zoom Video: Normal correction, long term bullish, and some other WFH plays Inside Outsider · Mei He
- Zoom CEO outlines changes as platform's security practices come under scrutiny from multiple state AGs Silicon Valley Business Journal · Marlize van Romburgh
- The Technology 202: Zoom chief Eric Yuan says he was not prepared for flood of security and privacy complaints Washington Post · Cat Zakrzewski
- It's time for Zoom to look at the bigger picture The Guardian · John Naughton
- Not only is Zoom's strong end-to-end encryption not actually end-to-end, its encryption isn't even that strong The Register · Thomas Claburn
- Zoom helped to connect the world, then got slammed for cybersecurity issues … Business Insider · Jeff Elder
- Zoom Alternatives: 5 Options For People Who Care About Security And Privacy Forbes · Kate O'Flaherty
- Security Researchers: Zoom's Encryption Is ‘Not Suited for Secrets’; Key Servers and 700 Employees Are in China Daring Fireball · John Gruber
- Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself TidBITS · Glenn Fleishman
- So Wait, How Encrypted Are Zoom Meetings Really? Wired · Lily Hay Newman
- Thousands of Zoom recordings exposed because of the way Zoom names recordings The Verge · Jay Peters
- How Zoom became so popular during social distancing CNBC · Dain Evans
- Washington to Zoom: Welcome to the hot seat Politico · Cristiano Lima
- Two U.S. state AGs seek info on Zoom's privacy practices Reuters · Amal S
- Another day, another couple of Zoom vulnerabilities discovered ... 9to5Mac · Ben Lovejoy
- Researchers shocked some Zoom encryption keys generated by servers in China Reclaim The Net · Didi Rankovic
- CEO Addresses Zoom Security Issues, Critics 'Don't Need Apologies' Channel Partners · Edward Gately
- Zoom's privacy and security woes in the spotlight WeLiveSecurity · Tomáš Foltýn
- Zoom Security: The Good, the Bad, and the Business Model CircleID · Steven Bellovin
- Were You Zoom-Bombed? Video of It May Now Be on YouTube, TikTok for All to See PCMag · Michael Kan
- Zoom pauses new feature development to focus on privacy, security Computerworld · Matthew Finnegan
- Zoom can make your private chats public, and other horrors Input · Mehreen Kasana
- Zoom Now Under Investigation by at Least 2 States Over Security Complaints Gizmodo · Tom McKay
- 5 things you can do today to make Zooming safer Naked Security · Paul Ducklin
- Work-From-Home Stocks To Watch: Zoom Video Communications (ZM) InsideBitcoins.com · Gary McFarlane
- Zoom Was Mining Data and Matching Users with LinkedIn Info Security Boulevard · Silviu Stahie
- Zoom is a dumpster fire. Try these two alternatives for video meetings Chrome Unboxed · Gabriel Brangers
- Zoom Has Security Flaws. It's Still Fine to Use VICE · Jason Koebler
- Zoom ‘unsuitable’ for government secrets, researchers say BBC
- How to stop ‘Zoombombers’ from trolling your online meetings Tech Xplore · David Tuffley
- Zoom is a godforsaken mess — but it can be fixed The Next Web · Ivan Mehta
- Today on Zoom: ‘Not suited for secrets’, encryption issues and more iMore · Stephen Warwick
- Zoombombing: FBI warns video calls are getting hijacked Mercury News
Discussion
-
@jbaksht
Baksht.data
on x
Oops. We didn't know routing our overflow to China would compromise our InfoSec. 👀 https://twitter.com/...
-
@counternotions
Kontra
on x
Honest mistake, rogue engineer, who could have predicted, our users' security and privacy come first, here's a $100,000 check for Planned Parenthood, are you happy now?! ↓ https://twitter.com/...
-
@patrickmoorhead
Patrick Moorhead
on x
Strikes me as “Facebook-like”. Here's how it goes: -trust us -sorry, we made a mistake -we'll do better next time -fix problem -trust us -sorry, we made same mistake TechCrunch: Zoom admits some calls were routed through China by mistake. https://techcrunch.com/... via @GoogleNew…
-
@zackwhittaker
Zack Whittaker
on x
New: Zoom now confirms that some calls were “mistakenly” routed through China, and has rolled out a fix to prevent it happening again. https://techcrunch.com/...
-
@maryhui
Mary Hui
on x
Among other concerns including encryption & data being routed through China, “Zoom...appears to own three companies in China through which at least 700 employees are paid to develop Zoom's software...this arrangement may make Zoom responsive to pressure from Chinese authorities” …
-
@sriramk
Sriram Krishnan
on x
Separately - also staggering to see the tool that most of us are relying on wish to get back to selling b2b and give up their (90+%?) consumer marketshare that they've built over the last two months.
-
@smartertrader
Sam
on x
How smart is SAM Please kneel https://twitter.com/...
-
@isaackrasny
Isaac Krasny
on x
I get why they have to do this, but it's taking away from what makes Zoom great in the first place https://twitter.com/...
-
@asanwal
Anand Sanwal
on x
Zoom's response to this sudden unexpected surge has been phenomenal It's a team and company that really appears to care about building great things and which responds to critical feedback in a constructive way So impressive https://techcrunch.com/...
-
@stevesi
Steven Sinofsky
on x
Zoom will require password and enable waiting rooms by default https://techcrunch.com/... // This is not only good to see but 💯🎯 crisis leadership. Product choices that dramatically change behavior/introduce friction —> super tough. Prev wrote♻️https:// twitter.com/...
-
@thetomzone
@thetomzone
on x
y i k e s https://gizmodo.com/...
-
@manjusrii
Belinda Barnet
on x
Good. It'd be better if it was encrypted as advertised (they say E2EE on website but it's not) and some kind of written guarantee they won't leak our data to third parties, eg Facebook, again. https://techcrunch.com/...
-
@briannawu
Brianna Wu
on x
Zoom has glaring security and privacy flaws that should give everyone pause, even outside of the concerns about “Zoombombing”. https://www.npr.org/...
-
@themaxburns
Max Burns
on x
The #Coronavirus outbreak has shown us how vital video teleconferencing is to keeping our economic system functioning in a crisis. Congress must protect the security of teleconferencing - it's as critical to our national infrastructure as power plants. https://www.justice.gov/...
-
@peterwsinger
Peter W. Singer
on x
DoJ and State AGs note that warn “anyone who hacks into a teleconference can be charged with state or federal crimes.” https://twitter.com/...
-
@_g0dmode
Mitch
on x
#Zoom chat allows you to post links such as \\x.x.x.x\xyz to attempt to capture Net-NTLM hashes if clicked by other users.
-
@theferocity
Saeed Jones
on x
Experienced this recently first-hand, trolls flooded a zoom panel about queer memoir writing with images of graphic pornography. It was awful and saddening. I know friends who have been targeted with racist harassment. https://www.nytimes.com/...
-
@xianmind
Keith Plummer
on x
“An analysis by The New York Times found 153 Instagram accounts, dozens of Twitter accounts and private chats, and several active message boards on Reddit and 4Chan where thousands of people had gathered to organize Zoom harassment campaigns...” meetings.https://www.nytimes.com/ …
-
@satariano
Adam Satariano
on x
March 2020, when the internet was good again. It was fun while it lasted. https://twitter.com/...
-
@rashadrobinson
Rashad Robinson
on x
Glad Zoom is finally addressing the harassment of users on its platform, aka “Zoombombing.” But a blog post won't cut it. They need to develop a plan to combat the targeted harassment of Black & brown users and engage meaningfully with organizers to do so. https://blog.zoom.us/..…
-
The Parallax
Seth Rosenblatt
on x
How to make your Zoom meetings more secure
-
@alexrkonrad
Alex Konrad
on x
Zoom's CEO insists he was just trying to help when @zoom_us made its tools free to a now 90,000+ schools. In hindsight, he says “We did not do a good job” preparing teachers and schools in advance, and that Zoom should have done training sessions first. https://www.forbes.com/...…
-
@alexrkonrad
Alex Konrad
on x
Zoom has become the go-to tool of the at-home era with 200 million daily users. It's also become a flashpoint of controversy after a series of security and privacy concerns. I spoke to Zoom's CEO about it for this cover story in our next issue of @Forbes https://www.forbes.com/..…
-
@alexrkonrad
Alex Konrad
on x
Building tools for business for most of Zoom's history, CEO @ericsyuan says he never anticipated hackers would want to join a run-of-the-mill staff check-in or weekly work review — much less that hackers would someday want to disrupt virtual classrooms. https://www.forbes.com/...…
-
@jimscheinman
Jim Scheinman
on x
Thank you for this fair coverage of Zoom's meteoric rise & the real challenges that Zoom has faced. I'm so proud & impressed with Eric & the Zoom team's transparency & decisive actions to make Zoom even better. Your article is refreshing in a world of sensationalist journalism. h…
-
@mavenvc
@mavenvc
on x
Great story by @alexrkonrad—well worth the read. @ericsyuan's leadership this week has been nothing but impressive. https://twitter.com/...
-
@martingiles
Martin Giles
on x
Videoconferencing giant Zoom has suddenly found itself the center of global attention, for reasons both good and bad. This is a really terrific story from my @Forbes colleague @alexrkonrad, who digs into the opportunities and challenges it's facing! https://twitter.com/...
-
@wongmjane
Jane Manchun Wong
on x
I still remember Eric Yuan reaching out to video chat and I wondered which platform to chat on And he suggested Zoom. Eventually I realized he's actually the CEO of Zoom https://twitter.com/...
-
@n_sportelli
Natalie Sportelli
on x
“I feel like Zoom is not a part of Zoom anymore. Zoom belongs to the world now,” @ericsyuan told @alexrkonrad. As the world moved online, @zoom_us became our connecting thread. With that surging demand came increased scrutiny. Alex's new @Forbes cover.👇https://www.forbes.com/ ...
-
@forbes
@forbes
on x
“I told the team that with any crisis like this, let's not leverage the opportunity for marketing or sales. Let's focus on our customers,” Yuan says. “If you leverage this opportunity for money, I think that's a horrible culture.” https://twitter.com/...
-
@alexrkonrad
Alex Konrad
on x
Analysts see recent consumer hype around $ZM as a distraction. @AlexZukin at @rbccm says Zoom CEO Eric Yuan “is in an impossible situation” making everyone happy now, but that big customers are content with Zoom's security set-up. https://www.forbes.com/... cc @carlquintanilla ht…
-
@alexrkonrad
Alex Konrad
on x
We spoke to @ericsyuan 3x in the past month for this story. Yesterday, he accepted full responsibility for Zoom's problems, and thanked journalists and researchers for pointing out mistakes and flaws. Can he win back your trust? Thanks for reading 🙏 https://www.forbes.com/... htt…
-
@alexrkonrad
Alex Konrad
on x
Zoom's scrutiny has come during a historic run of user growth that's made it tough for it to keep up. Here's a chart of Zoom mobile use alone. Overall Zoom says it went from 10M users at end of 2019 to 200M in March, a historic jump for any business tool. https://www.forbes.com/.…
-
@alexrkonrad
Alex Konrad
on x
CEO @ericsyuan says that when Zoom froze new feature development on April 1, some were half finished, some nearly done. Now he's looking to suspend all tracking on Zoom's sites, and would consider open-sourcing Zoom's code in the future. https://www.forbes.com/... tip @techmeme h…
-
@glennf
Glenn Fleishman
on x
I compiled a list of every known Zoom security exploit, software bug, privacy failure, and bad decision (many now remediated) and what you can do about each of them. I had to add six in the last two days while writing & editing it. @TidBITS https://tidbits.com/...
-
@ayshardzn
@ayshardzn
on x
Zoom has seen a 535% rise in daily traffic in the past month, but security researchers say the app is a ‘privacy disaster’ https://www.theguardian.com/ ...
-
@dangillmor
Dan Gillmor
on x
A round-up from Bruce Schneier of the research showing how Zoom's “security” is a sick joke. If you have secrets to keep, don't go near this product. https://www.schneier.com/...
-
@dhh
@dhh
on x
An exhaustive account of all Zoom's privacy and security transgressions. When you see it all collected like this.. well, just, wow. https://tidbits.com/...
-
@nxthompson
@nxthompson
on x
The choices Zoom has made on encryption are reasonable. But they really shouldn't claim it's end-to-end encrypted. And they should stop with the muddled blog posts too. @lilyhnewman digs in deep. cc @dhh https://www.wired.com/...
-
@lilyhnewman
Lily Hay Newman
on x
Zoom has made a lot of claims and used a lot of very specific phrases in describing its encryption protections for meetings. Let's hash it out, shall we? https://www.wired.com/...
-
@dhh
@dhh
on x
Despite the confusing back-and-forth messaging, it finally seems clear that, no, Zoom is indeed NOT end-to-end encrypted, as they were claiming for a long time. Unlike, say, Apple's FaceTime, which for up to 32 users, indeed IS e2e. https://www.wired.com/...
-
@gcluley
Graham Cluley
on x
A Quick Look at the Confidentiality of Zoom Meetings by the team at @CitizenLab. https://citizenlab.ca/... (I wonder how much longer the UK Govt will be using it for cabinet meetings...) https://twitter.com/...
-
@micahflee
Micah Lee
on x
This is a very good and human-readable post by @matthew_d_green about how Zoom's encryption works, the good parts and the very bad parts, and how Zoom has a solid path forward to fix the most major problems https://blog.cryptographyengineering.co m/ ...
-
@ddayen
David Dayen
on x
Zoom is 2020's version of Milkshake Duck https://theintercept.com/...
-
@dhh
@dhh
on x
“Meetings on Zoom are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto” https://theintercept.com/..…
-
@eff
@eff
on x
Zoom has a lot of work to do if it wants to regain users' trust. In the meantime, if you continue using Zoom, consider these settings. https://www.eff.org/...
-
@mikb0b
Mikel Bober-Irizar
on x
Zoom's security just gets worse and worse. Broken encryption (ECB), 128-bit instead of quoted 256-bit, with keys issued by servers in China https://citizenlab.ca/... @zoom_us https://twitter.com/...
-
@c1truz_
Felix
on x
Check out this blog post if you want to learn more about the technical background of the Zoom issue and its implications. Also, here is the full VMRay Analyzer report https://www.vmray.com/... ✌️ https://twitter.com/...
-
@matthew_d_green
Matthew Green
on x
I wrote a non-technical post on the situation with Zoom and encryption. This mostly summarizes what we know from @citizenlab and Zoom itself: https://blog.cryptographyengineering.co m/ ...
-
@fightfortheftr
@fightfortheftr
on x
Using Zoom? Their video messaging does NOT use end-to-end encryption. Sign the petition to tell @zoom_us to protect your sensitive personal and professional communications. 🔒 https://actionnetwork.org/...
-
@swiftonsecurity
@swiftonsecurity
on x
Zoom is getting torn apart. That's not a bad thing. Very very few enterprise tools get the attention of world-class researchers. Even premier applications by huge companies go unexamimed b/c difficulty of obtaining and installing them. Plenty of Tier0 stuff written in C in 2007.
-
@zoom_us
Zoom
on x
We appreciate the scrutiny and questions we have been getting - about how the service works, about our infrastructure and capacity, and about our privacy and security policies. These are the questions that will make Zoom better [Blog Post] https://blog.zoom.us/... by @ericsyuan
-
@taosecurity
Richard Bejtlich
on x
Looks like solid research by @citizenlab. If I'm reading it correctly, actors in China could have access to all the encryption keys needed to see calls. Keep this in mind when you chose to discuss sensitive info using #zoom. Obviously no mil/gov should talk classified on it. http…
-
@gordoncorera
Gordon Corera
on x
Interesting research from Citizen Lab on Zoom - it raises concerns about Chinese end of the company - ‘during multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China’ https://citizenlab.ca/...
-
@jvagle
Jeffrey Vagle
on x
There are two things you should never do: 1. Get involved in a land war in Asia, and 2. Roll your own crypto https://citizenlab.ca/...
-
@nicdawes
Nicholas Dawes
on x
When the first phase of this is over, we are going to wake up to the scale of the information security and privacy risks we have all been taking https://twitter.com/...
-
@aaschapiro
Avi Asher-Schapiro
on x
An analysis of Zoom by @billmarczak & @jsrailton reveals it *does not* use industry standard protocols for voice & video— encryption & decryption keys come from Chinese servers. Their conclusion: it's fine for family chats, not for journalists & activists.https://citizenlab.ca/ .…
-
@ethanwhite
Ethan White
on x
Dear @zoom_us - as part of your focus on privacy and security over the next 90 days there is something we could critically use in education: the ability to record only the host side of a call. This will allow us to record and share classes without compromising student privacy. ht…
-
@joetidy
Joe Tidy
on x
NEW: Zoom ‘unsuitable’ for government secrets, researchers say. New study from @citizenlab shows Zoom encryption is crackable and unsafe for high level meets. I understand gov is working on adapting other existing tools ‘at pace’ to deal with the current communications conundrum.…
-
@iblametom
Thomas Brewster
on x
People lost their minds when Zoom was sending small pieces of data to Facebook even when users weren't on FB. Wonder how they'll react when they hear Zoom is sometimes handling encryption keys in Beijing, even when callers aren't in China... https://www.forbes.com/...
-
@mattbraga
Matthew Braga
on x
Also worth noting: “For those using Zoom to keep in touch with friends, hold social events, or organize courses or lectures that they might otherwise hold in a public or semi-public venue, our findings should not necessarily be concerning.” https://twitter.com/...
-
@katecallen
Kate Allen
on x
New report from @citizenlab on confidentiality and encryption of Zoom meetings: “Researchers conclude that Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is not suitable for sensitive communications.” https://citizenlab.ca/...
-
@susanpotter
Susan Potter
on x
A fantastic case study in how aggressively “making X easy” inevitably leads to “making X insecure.” If meeting confidentiality is not that important for your company then maybe the user exploit potential is note worthy. Zoom is a risky proposition for your employees to install. h…
-
@hackingdave
Dave Kennedy
on x
Example of hyperbole for the Zoom discussion and horrid fear-mongering by the media and comments from individuals that are not even security researchers This type of news is exactly what is damaging to the security industry and trust in us. @guardian https://www.theguardian.com/ …
-
@martinsfp
Martin Sfp Bryant
on x
cc: UK government. https://twitter.com/...
-
@woudena
Anneke VanWoudenberg
on x
An important read for NGOs, #humanrights lawyers, activists and journalists using Zoom during the #COVID19 crisis. Surely this is a problem Zoom should be urgently fixing? #bizhumanrights https://twitter.com/...
-
@mikko
@mikko
on x
Zoom's actions today remind me of the 2002 feature freeze of Microsoft, which started their journey to better Windows security. “When we face a choice between adding features and resolving security issues, we need to choose security”, said Bill Gates. https://www.wired.com/...
-
@antoniogm
Antonio Garca Martnez
on x
Well, if every societal institution had performed as well as Zoom's infrastructure team, we'd be OK. https://twitter.com/...
-
@andreasklinger
@andreasklinger
on x
I have more years of experience in engineering than i like to mention. But this does not compute for me... Keeping the infrastructure in check for a 20x on that scale is insanely impressive. Hats off to the zoom eng + infrastructure team. https://twitter.com/...
-
@dhh
@dhh
on x
This sounds great, but it's hard to take too seriously when the stance is “actually we were already doing great and being very transparent but you just didn't see it”. How you can say that while still lying about being end-to-end encrypted is something. https://www.theverge.com/.…
-
@uofgccs
@uofgccs
on x
Attention Zoom users! A vulnerability has been identified that could allow an attacker to gain control of a system or collect your Windows credentials. CCS strongly recommends updating your Zoom client immediately. @uofg @GuelphHumberUni More info: https://www.pcworld.com/... htt…
-
@salhernandez
Salvador Hernandez
on x
She was hosting a Zoom meeting for professional women of color, a way to connect and unwind during the pandemic. It got hijacked by trolls yelling the N-word at her https://www.buzzfeednews.com/ ...
-
@buzzfeednews
@buzzfeednews
on x
Zoom meetings are being hijacked by people yelling racist slurs and flooding calls with graphic content https://www.buzzfeednews.com/ ...
-
@wadhwa
Vivek Wadhwa
on x
Have been using @zoom_us but am going to insist that if people want to speak to me, they use @Skype instead. Zoom is a disaster area for security and privacy: https://techcrunch.com/... SpaceX and Nasa just banned it: https://www.reuters.com/....