Article

7 Apr 2020

Author: Business Insider

Zoom admits some non-China users had their calls routed through China "mistakenly"

“Zoom admits calls got 'mistakenly' routed through China”, 7 April 2020

… The video conferencing [Zoom] provider has admitted that some non-China users had their calls routed through China.

In a statement… Zoom CEO Eric Yuan admitted to mistakenly routing calls via China.

“In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly – starting in China, where the outbreak began,” Yuan said. “In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect.”…

During spells of heavy traffic, the video-conferencing service shifts traffic to the nearest data centre with the largest available capacity – but Zoom’s data centres in China aren’t supposed to be used to reroute non-Chinese users’ calls.

This is largely due to privacy concerns: China does not enforce strict data privacy laws and could conceivably demand that Zoom decrypt the contents of encrypted calls.

Separately, researchers at the University of Toronto also found Zoom’s encryption used keys issued via servers in China, even when call participants were outside of China.

They wrote: “During a test of a Zoom meeting with two users, one in the United States and one in Canada, we found that the AES-128 key for conference encryption and decryption was sent to one of the participants over TLS from a Zoom server apparently located in Beijing, 52.81.151.250.”

They added: “A company primarily catering to North American clients that sometimes distributes encryption keys through servers in China is potentially concerning, given that Zoom may be legally obligated to disclose these keys to authorities in China.”…

Zoom did not immediately respond to Business Insider’s request for comment and clarification.