Zoom has been used by millions of people for remote meetings as a result of the new crown outbreak. But its security is also a growing concern. Researchers at the Citizens Lab at the University of Toronto in Canada reverse-engineered the software and found that the company had false propaganda about encryption schemes.
Zoom claims that its meetings are encrypted using AES-256, but in fact only a simple AES-128 key is used in ECB mode, which is generated by Zoom’s server.
In some cases the key is generated by a server from China. It also claims to use end-to-end encryption, but in fact it is far from true end-to-end encryption, and the company’s definition of end-to-end encryption is different from the usual definition.
Although Zoom is a Silicon Valley company, there are three companies in China with at least 700 employees working in software, all of which are named SoftView Software.
Zoom’s SEC documents show that 81% of its revenue comes from North America.