Virtual Meetings on Zoom
The following is an edited version of a research article published on April 3, 2020. My conclusion is that people in government and business with security concerns should be careful when using Zoom Meeting Software. However, for those using Zoom to keep in touch with friends, hold social events, or organize courses or lectures that they might otherwise hold in a public or semi-public venue, our findings should not necessarily be concerning.
If you would like to read the complete article, go to https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
A Quick Look at the Confidentiality of Zoom Meetings By Bill Marczak and John Scott-Railton April 3, 2020
This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China.
Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.
The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.
Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.
1. Background: A US Company with a Chinese Heart?
Zoom is a popular teleconference app whose popularity has increased dramatically, given much of the world is under mandatory work-from-home orders due to the spread of COVID-19. The app’s overarching design goal seems to be reducing friction in videoconferencing and making things “just work.”
Zoom’s most recent SEC filing shows that the company (through its Chinese affiliates) employs at least 700 employees in China that work in “research and development.” The filing also implies that 81% of Zoom’s revenue comes from North America. Running development out of China likely saves Zoom having to pay Silicon Valley salaries, reducing their expenses, and increasing their profit margin. However, this arrangement could also open up Zoom to pressure from Chinese authorities. While the mainline Zoom app (zoom.us) was reportedly blocked in China in November 2019, several third-party Chinese companies sell the Zoom app within China (e.g., zoom.cn, zoomvip.cn, zoomcloud.cn).
In the past few years, a number of security issues regarding Zoom have come to light. These issues have included unintentional bugs, such as vulnerabilities in Zoom’s screen sharing feature, and privacy concerns, such as Zoom sharing data with Facebook. However, perhaps the most prominent security issues with Zoom surround deliberate features designed to reduce friction in meetings, which also, by design, reduce privacy or security. This includes Zoom installing a hidden web-server on Mac computers to circumvent a Safari popup that users had to click through before they joined a Zoom meeting, a Zoom feature that removes a password prompt during the installation process (and instead displays a misleading password prompt later), a Zoom feature intended to allow Zoom users at the same company (or ISP) to easily find each other, and Zoom’s easy 9 or 10 digit code which is sufficient to join a meeting created with default settings, leading to the well-reported phenomenon of “Zoom Bombing.”
Zoom’s documentation has a number of unclear claims about encryption that the platform offers. Some Zoom documentation (as well as the Zoom app itself) claims that Zoom offers a feature for “end-to-end (E2E) encrypted meetings.”
Typically, the computer security community understands the term “end-to-end encrypted” to mean that only the parties to the communication can access it (and not any middlemen that relay the communication). Other Zoom documentation says that Zoom’s meeting software for Windows, MacOS, and Linux “by default” uses the industry-standard TLS 1.2 scheme for transport encryption, though a September 2014 blog post implies that this software does not use TLS.
In response to this confusion, Zoom released a blog post in April 2020 describing their encryption scheme. The blog post clarifies that Zoom does not currently implement “end-to-end” encryption as most people understand the term; Zoom used the term “end-to-end” to describe a situation where all conference participants (except those dialing in via the public switched telephone network) are required to use transport encryption between their devices and Zoom servers. Zoom’s definition of “end-to-end” does not seem to be a standard one, even in the realm of enterprise videoconferencing solutions. Because Zoom does not implement true end-to-end encryption, they have the theoretical ability to decrypt and monitor Zoom calls. Nevertheless, Zoom mentions that they have not built any mechanism to intercept their customers’ meetings: “Zoom has never built a mechanism to decrypt live meetings for lawful intercept purposes, nor do we have means to insert our employees or others into meetings without being reflected in the participant list.”
Zoom’s April 2020 blog post does not, however, provide details about exactly how their encryption works, or clarify whether they use TLS or AES-256. Because of the potentially misleading and conflicting claims regarding Zoom’s encryption, and the proliferation of Zoom’s technology in the business, government, civil society, and healthcare sectors where confidentiality may be desired, we decided to examine exactly how Zoom meetings are encrypted.
2. COVID-19: A New Gold Rush for Cyber Spies
Social distancing and work-from-home policies have shifted government, economic, and personal activity online. In a rush to reconnect, users are rapidly adopting new apps and communications platforms. Some popular video chat and collaboration tools have added millions of users almost overnight. In many cases, consumer choice appears to be driven by the need for usability, speed, and stability, rather than a careful assessment of privacy policies and security protocols.
At the same time, the newly remote workforce is heavily reliant on personal equipment and online accounts for work business. The shift away from work networks and accounts denies cyber defenders the ability to enforce security standards while blocking their visibility into potential compromise.
Now, some of the most sensitive conversations in the world are taking place on devices and platforms vulnerable to basic forms of eavesdropping and attack techniques. This “new normal” is a potential goldmine for cyberspies. Given the business value of meetings currently being conducted on Zoom, it is reasonable to expect that the platform is being closely scrutinized by groups engaged in industrial and political espionage and cybercrime.
Zoom as an Intelligence Target
Zoom’s success has led it to attract conversations that are of high priority interest to multiple governments. We suspect that this makes Zoom a high priority target for signals intelligence (SIGINT) gathering and targeted intrusion operations.
Most governments conduct electronic espionage operations. Their targets include other governments, businesses, and individuals. Some, including the Chinese government, are known to conduct extensive industrial espionage. In addition, a growing number of governments have sought out mobile phone hacking technology and abused it to target the personal phones of journalists, lawyers, judges, and others who seek to hold them to account.
In addition, as digital rights advocacy group Access Now has pointed out in an open letter calling for a transparency report, Zoom has not publicly disclosed information such as statistics of requests for data by governments and what Zoom has done in response to these requests. Zoom’s policies concerning notifications to users over breaches or the handing-over of data to governments are also unknown; however, the company has just promised at the time of writing to release such a report within 90 days of April 2nd.
3. Results: Custom Crypto, Chinese Servers, Security Issues
Rather than using a standard protocol for sending voice and video, Zoom appears to implement its own transport protocol. The Zoom transport protocol seems to be a bespoke extension of the existing RTP standard.
The Zoom transport protocol adds Zoom’s own encryption scheme to RTP in an unusual way. By default, all participants’ audio and video in a Zoom meeting appear to be encrypted and decrypted with a single AES-128 key shared amongst the participants. The AES key appears to be generated and distributed to the meeting’s participants by Zoom servers. Zoom’s encryption and decryption use AES in ECB mode, which is well-understood to be a bad idea, because this mode of encryption preserves patterns in the input. Industry-standard protocols for encryption of streaming media (e.g., the SRTP standard) recommend the use of AES in Segmented Integer Counter Mode or f8-mode, which do not have the same weakness as ECB mode.
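The weakness the report describes in this section and in the summary above (a single AES-128 key applied in ECB mode) is easy to see in a few lines of code. The following is an added example written for this page; it is not code from the Citizen Lab report or from Zoom. It uses Go’s standard library to encrypt a constructed “media frame” made of repeated 16-byte blocks, once with AES-128 in ECB mode (hand-rolled, because Go deliberately ships no ECB mode) and once in counter (CTR) mode, the family of modes SRTP recommends, and then counts how many distinct ciphertext blocks each produces. The key and frame contents are constructed for the demonstration and stand in for nothing on the page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// demoKey is a constructed 16-byte (AES-128) key for the demonstration only;
// in the report, the real meeting key is generated and distributed by Zoom servers.
var demoKey = []byte("0123456789abcdef")

// ecbEncrypt applies the raw AES block function to each 16-byte block on its
// own. Identical plaintext blocks therefore produce identical ciphertext
// blocks, which is exactly the pattern leakage the report warns about.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext must be a multiple of %d bytes", bs)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// ctrEncrypt uses AES in counter mode with a fresh random IV, which is
// prepended to the ciphertext. Each block is XORed with a different keystream
// block, so repeated plaintext no longer shows up as repeated ciphertext.
func ctrEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, block.BlockSize())
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	out := make([]byte, len(iv)+len(plaintext))
	copy(out, iv)
	cipher.NewCTR(block, iv).XORKeyStream(out[len(iv):], plaintext)
	return out, nil
}

// distinctBlocks counts the unique 16-byte blocks in data; a low count on a
// ciphertext means structure from the plaintext survived encryption.
func distinctBlocks(data []byte) int {
	seen := map[[16]byte]bool{}
	for i := 0; i+16 <= len(data); i += 16 {
		var b [16]byte
		copy(b[:], data[i:i+16])
		seen[b] = true
	}
	return len(seen)
}

// sampleFrame is a constructed stand-in for a media frame with heavy
// repetition (think of a static background): eight identical blocks followed
// by two different ones, so the plaintext has exactly 3 distinct blocks.
func sampleFrame() []byte {
	frame := bytes.Repeat([]byte("SAME_16_BYTE_BLK"), 8)
	frame = append(frame, []byte("DIFFERENT_BLK_01")...)
	frame = append(frame, []byte("DIFFERENT_BLK_02")...)
	return frame
}

func main() {
	frame := sampleFrame()
	ecb, _ := ecbEncrypt(demoKey, frame)
	ctr, _ := ctrEncrypt(demoKey, frame)
	fmt.Printf("plaintext: %d distinct blocks of %d\n", distinctBlocks(frame), len(frame)/16)
	fmt.Printf("AES-ECB:   %d distinct blocks of %d (pattern preserved)\n", distinctBlocks(ecb), len(ecb)/16)
	fmt.Printf("AES-CTR:   %d distinct blocks of %d (IV block included)\n", distinctBlocks(ctr), len(ctr)/16)
}
```

Run with `go run main.go`. The ECB ciphertext has the same three distinct blocks as the plaintext, so an observer who can only see ciphertext still learns which parts of the frame repeat; the CTR ciphertext has eleven distinct blocks (ten data blocks plus the IV) and reveals nothing of the kind. Note that CTR mode alone does not provide integrity; SRTP pairs it with an authentication tag, and a practitioner hardening a media protocol would do the same.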
4. How We Investigated
We began by observing Internet traffic associated with Zoom meetings using the Zoom clients on Windows, MacOS, and Linux. We used Wireshark to record our Internet traffic while we joined and participated in Zoom meetings. The vast majority of the Internet traffic during our Zoom meetings was exchanged between our computer and servers owned by Zoom on UDP port 8801. A further examination of the UDP traffic revealed that Zoom had apparently designed its own transport protocol, which wraps the well-known RTP protocol for transferring audio and video.
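When triaging a capture like the one described above, the first step after filtering on the port (in Wireshark, a display filter such as `udp.port == 8801`) is to check whether the UDP payload carries a standard RTP fixed header (RFC 3550). The parser below is an added example written for this page, not code from the report; it decodes the 12-byte RTP fixed header and CSRC list from a constructed packet and rejects truncated or non-version-2 input. The report says Zoom wraps RTP in a bespoke transport layer whose framing it does not document, so the sample packet here is plain RTP with a constructed payload, and the parser would need to be pointed past any Zoom-specific prefix before use on real traffic.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// RTPHeader holds the fields of the RFC 3550 fixed header plus the total
// header length once the CSRC list is accounted for.
type RTPHeader struct {
	Version     uint8
	Padding     bool
	Extension   bool
	CSRCCount   uint8
	Marker      bool
	PayloadType uint8
	Sequence    uint16
	Timestamp   uint32
	SSRC        uint32
	HeaderLen   int // offset at which the (possibly encrypted) payload begins
}

// ParseRTPHeader decodes the fixed header from the start of a UDP payload.
// It does not interpret header extensions or the payload itself.
func ParseRTPHeader(pkt []byte) (RTPHeader, error) {
	var h RTPHeader
	if len(pkt) < 12 {
		return h, errors.New("packet shorter than the 12-byte RTP fixed header")
	}
	h.Version = pkt[0] >> 6
	if h.Version != 2 {
		return h, fmt.Errorf("unexpected RTP version %d (expected 2)", h.Version)
	}
	h.Padding = pkt[0]&0x20 != 0
	h.Extension = pkt[0]&0x10 != 0
	h.CSRCCount = pkt[0] & 0x0F
	h.Marker = pkt[1]&0x80 != 0
	h.PayloadType = pkt[1] & 0x7F
	h.Sequence = binary.BigEndian.Uint16(pkt[2:4])
	h.Timestamp = binary.BigEndian.Uint32(pkt[4:8])
	h.SSRC = binary.BigEndian.Uint32(pkt[8:12])
	h.HeaderLen = 12 + 4*int(h.CSRCCount)
	if len(pkt) < h.HeaderLen {
		return h, errors.New("packet truncated inside the CSRC list")
	}
	return h, nil
}

// samplePacket is a constructed RTP packet: version 2, no padding/extension/
// CSRCs, marker clear, dynamic payload type 96, sequence 0x1234,
// timestamp 3000, SSRC 0xDEADBEEF, followed by four placeholder payload bytes.
var samplePacket = []byte{
	0x80, 0x60, 0x12, 0x34,
	0x00, 0x00, 0x0B, 0xB8,
	0xDE, 0xAD, 0xBE, 0xEF,
	0x01, 0x02, 0x03, 0x04,
}

func main() {
	h, err := ParseRTPHeader(samplePacket)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Printf("RTP v%d PT=%d seq=%d ts=%d ssrc=0x%08X payload starts at byte %d\n",
		h.Version, h.PayloadType, h.Sequence, h.Timestamp, h.SSRC, h.HeaderLen)
}
```

For a defender, the useful signal is that the sequence number and timestamp should advance monotonically per SSRC; a stream whose header decodes cleanly but whose payload bytes show repeated 16-byte blocks is the traffic-level symptom of the ECB weakness discussed in the results section.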
It is unclear to us whether Zoom servers use a cryptographically secure random number generator to create the meeting encryption keys or whether the keys may somehow be predictable. We confirmed that all participants in a Zoom meeting have the same conf.skey value and that this key does not change when participants join or leave. The key does, however, change when all users leave the meeting for a period of time; any new participant joining an empty meeting will cause the generation of a new conf.skey value.
5. Conclusion: Not Suited for Secrets
Zoom’s product is user-friendly and has rapidly grown its user base during the COVID-19 pandemic by “just working.” Zoom’s fast-growing user base, combined with marketing language around encryption and security, has attracted many sensitive conversations. This sudden popularity likely puts the product in the crosshairs of government intelligence agencies and cybercriminals.
Questionable Crypto & Encryption Keys Sent to Beijing
Unfortunately for those hoping for privacy, the implementation of call security in Zoom may not match its exceptional usability. We determined that the Zoom app uses non-industry-standard cryptographic techniques with identifiable weaknesses. In addition, during multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China.
An app with easily-identifiable limitations in cryptography, security issues, and offshore servers located in China which handle meeting keys presents a clear target to reasonably well-resourced nation-state attackers, including the People’s Republic of China.
Our report comes amidst a number of other recent research findings and lawsuits identifying other potential security and privacy concerns with the Zoom app. In addition, advocacy groups have also pointed out that Zoom lacks a transparency report, a critical step towards addressing concerns arising when companies have access to sensitive user data. Zoom has just stated (April 2nd, 2020) that it will release such a report within 90 days.
As a result of these troubling security issues, we discourage the use of Zoom at this time for use cases that require strong privacy and confidentiality, including:
Governments worried about espionage
Businesses concerned about cybercrime and industrial espionage
Healthcare providers handling sensitive patient information
Activists, lawyers, and journalists working on sensitive topics
For those using Zoom to keep in touch with friends, hold social events, or organize courses or lectures that they might otherwise hold in a public or semi-public venue, our findings should not necessarily be concerning.
For those who have no choice but to use Zoom, including in contexts where secrets may be shared, we speculate that the browser plugin may have some marginally better security properties, as data transmission occurs over TLS.
Use Zoom Passwords, Avoid Waiting Rooms
As part of our research, we identified what we believe to be a serious security issue with Zoom’s Waiting Room feature. We have initiated a responsible disclosure process with Zoom, which is currently being responsive. We hope that the company will quickly act to patch and provide an advisory. In the meantime, we advise Zoom users who desire confidentiality to not use Zoom Waiting Rooms. Instead, we encourage users to use Zoom’s password feature, which appears to offer a higher level of confidentiality than waiting rooms. Instructions on password features can be found here.
The rapid uptake of teleconference platforms such as Zoom, without proper vetting, potentially puts trade secrets, state secrets, and human rights defenders at risk. Companies and individuals might erroneously assume that because a company is publicly listed or is a major household name, that this means the app is designed using security best practices.
As we showed in this report, that assumption is false.
Thanks to Masashi Nishihata, Miles Kenyon, and Lotus Ruan.
Bill Marczak’s work on this report is partially supported by the Center for Long Term Cybersecurity (CLTC) at UC Berkeley and the International Computer Science Institute.
The Citizen Lab is grateful for support from the Ford Foundation and the John D. and Catherine T. MacArthur Foundation.