Technology and gaming content trusted in North America and globally since 1999
8,619 Reviews & Articles | 61,087 News Posts

Zoom admits data was 'mistakenly' routed through China

Zoom is in deep doo-doo over its major security issues, CEO admits it 'mistakenly' routed calls and data through China

Anthony Garreffa | Apr 7, 2020 at 10:37 pm CDT (4 mins, 8 secs time to read)

Zoom is in serious doo-doo right now, with the videop conferencing provider now admitting that users' calls from around the world were routed through China.

Zoom admits data was 'mistakenly' routed through China 08 | TweakTown.com

Zoom CEO Eric Yuan admitted that his company "mistakenly" routed calls through China, he explained: "In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly - starting in China, where the outbreak began".

Yuan continued: "In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect".

Unfortunately, Yuan didn't say how many people were affected -- but I'm sure it's in the many millions of users.

Zoom is an interesting beast, as the video conferencing service will move traffic to the nearest data center which has the largest available capacity. However, Zoom's data centers in China are not supposed to be used to re-route non-Chinese users' calls. But, they did.

But it's not only that, as researchers at the University of Toronto found that the encryption used on Zoom's keys issued through servers in... China. This happened even when call participants were located outside of China.

The researchers explain: "During a test of a Zoom meeting with two users, one in the United States and one in Canada, we found that the AES-128 key for conference encryption and decryption was sent to one of the participants over TLS from a Zoom server apparently located in Beijing, 52.81.151.250".

They added: "A company primarily catering to North American clients that sometimes distributes encryption keys through servers in China is potentially concerning, given that Zoom may be legally obligated to disclose these keys to authorities in China".

More Reading on COVID-19 coronavirus

Anthony Garreffa

ABOUT THE AUTHOR - Anthony Garreffa

Anthony is a long time PC enthusiast with a passion of hate for games built around consoles. FPS gaming since the pre-Quake days, where you were insulted if you used a mouse to aim, he has been addicted to gaming and hardware ever since. Working in IT retail for 10 years gave him great experience with custom-built PCs. His addiction to GPU tech is unwavering.

Related Tags