I'd recommend reading the original Citizen Lab article as well, which discusses the flaws more specifically. This Intercept article is good, but seems to be aimed at more of a general, less-technical audience.
At the very least, they are validating TLS certificates. (Which I know is the true bare minimum requirement of TLS, but "goto fail" and all...)
>We set up mitmproxy to intercept the TLS traffic and configured the Zoom Linux client to route its TLS traffic through mitmproxy. Fortunately, the Zoom client did appear to warn us that the fake TLS certificates generated by mitmproxy were untrusted.
The CL article seems to be underplaying the vulnerability of ECB, with the "not recommended" description. Any cryptographer will tell you it's downright trivially broken, with textbook practical attacks taught to undergrads.
And another case of lying in marketing: "A security white paper from the company claims that Zoom meetings are protected using 256-bit AES keys, but the Citizen Lab researchers confirmed the keys in use are actually only 128-bit."
How do they keep doing this? Do they just put whatever sells best in the documents and implement something else? First the end2end thing, now 128 instead of 256 bits. How many more are we going to find in the coming days?
"We never meant to mislead people but we realise we don't use the terminology in the way it is normally understood. We added up the keys on both sides of the conversation to reach 256 bits." Is probably what they'll say
> Do they just put whatever sells best in the documents and implement something else?
Yes.
I've always expected businesses to stretch the truth with their marketing e.g. "Leading Brand of Donut in America", "Award Winning Bread", "Cheapest Gas for 50 miles"
However Zoom are just engaging in straight up false advertising regarding security features. It's not cheeky -- it's wrong.
Hard to say. Could be cultural where sales and engineering butt heads. Could be "sell it first, develop it later so we can beat the market" mentality.
Either way, Zoom is going to go down as either a company that did everything right and won the market or did everything wrong and won the market. Depending on who you talk to.
> Do they just put whatever sells best in the documents and implement something else?
I've worked 10+ years in Silicon Valley and the motto "it is better to beg forgiveness than ask for permission" really does ring true. This manifests at all levels from ICs and up the chain of leadership. People do what gets them their bonus/promotion and everything else be damned. "Acquire the customer and fix the security problem later" was the mindset here.
The story here is that Zoom uses key distribution servers located in China (in addition to several servers in the USA) and that Chinese law might be compelling Zoom to disclose the encryption keys. I think it is a valid concern, but for me it also raises the question of whether this may also be required in the US.
In addition to letting the Chinese (and possibly US) government in on the encryption keys, the encryption scheme is also badly broken (ECB mode of AES). Prof. Matthew Green has written many articles about AES and encryption more generally and I recommend his blog if you are interested (even as a lay person).
They are using EBC mode? I don't know of a single crypto library that would pick that as a default, so someone actually made this decision (like actively lowered encryption capability). I thought of some of the previous issues of not being too bad, but this leaves me wondering...
Maybe I've been sensitised by all the security flaws, privacy leaks and outright lies on Zoom's part, but I'm starting to really notice how much a lot of public figures are pushing Zoom.
Does anyone else find it really weird? Late-night TV hosts, I can understand - maybe they just get paid for it, or have Zoom shares. But for example UK government leaders repeatedly mentioning it by name, e.g. Matt Hancock saying that despite being unwell, Boris Johnson is still having "Zoom videoconferences", or saying Johnson addressed his "Zoom cabinet", just feels... weird.
Edited to add: thinking about it more, I remember "FaceTime" being used pretty similarly when it was new. So I guess all the bad news is just sensitising me.
Zoom is popular. Enough that it's both the default for many people and the tech that gets brought up in discussions. My dance school uses zoom. My work uses zoom. Online courses use zoom. Maybe it's more noticeable when famous people mention it, but really - it's a default now. Even if there was some shady push for it, it's also organically massively popular.
Maybe they tried Skype first, which works horrible (tried twice, never managed connect all the participants at the same time), and finally relief over something that actually works. I have used Zoom successfully with 70 participants, and then breakout groups. The only alternative I can see that recently came to my attention is Jitsi Meet (https://jitsi.org/), which I will try next time I have the opportunity. But seems like it has at least one of the same weaknesses as zoom, with no end to end encryption (https://www.reddit.com/r/privacy/comments/7syt0s/jitsi_meet_...)
It is curious, and post revelations in the recent decade nothing is too weird to suspect - but don't underestimate the immense social value of jumping on the technological bandwagon and the free "hip" PR that it produces in media.
And when more people do it, more people do it, i.e the bandwagon effect.
People then look at the articles written in the media and say "hey i use that app too, cool, we are part of the same tribe".
Showing of knowledge of the tech-zeitgeist is an easy way for a politician or anyone for that matter to appear being both with the times", "tech-savvy" and just the same as regular folk.
OT: My kids school uses zoom atm.
Been connecting using the web client at
https://zoom.us/wc/join/<meetingid without dashes>.
Today however those links are returning 403 Forbidden (even tried multi)
My knee-jerk reaction was that they have some way of capitalizing on installed software which they can't on the web-client. But of course it could simply be that the web-client requires more server resources and now have to curb its usage.
I always knew that the "zoom.us" is a dodgy name for an installation file. As if someone was going an extra length to make sure you think its a US company.
"home grown encryption scheme" seems to imply Zoom is rolling its own crypto, which is tremendously foolish.
That isn't exactly the case, per the same article. More Zoom is choosing a poor choice among other choices, of implementing AES:
"Furthermore, Zoom encrypts and decrypts with AES using an algorithm called Electronic Codebook (ECB) mode, “which is well-understood to be a bad idea, because this mode of encryption preserves patterns in the input,” according to the Citizen Lab researchers. In fact, ECB is considered the worst of AES’s available modes."
Bad idea but not "rolling own crypto bad"
edit: agree it's bad. this is pointing out inaccuracies in language from tech journalism reporting on security. This continues to be an issue per the miseducation it creates for the general public in infosec concepts, which is already an uphill battle of misconceptions. Since these articles, or AG Barr, are the discussions that actually hit the mainstream, it's an issue that needs to correct.ed Tech journalism, a profession focused on 'getting the facts,' are the direct conduit of this version of miseducation/failure of facts, and should be corrected. See: NY Times Baltimore Ransomware = NSA Tool (false), Bloomberg Supermicro (false, so far), etc.
Keyservers in China may be a risk, but this sounds like a terrible idea: "The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme"
I've really grown to dislike the "China == bad" thing, yes, they're domestically authoritarian, without excusing any of it, I like to act on hard evidence, not hear say, I am stunned that after the Bloomberg fiasco these kind of stories didn't take a hit.
P.S. Personally, I don't consider the NSA having my data as being any better, thank you.
EDIT: Just to be clear, I don't think Zoom's encryption claims should be trusted, but it's not because CHINAAA, it's because they're misleading people into thinking TLS means E2E.
If encryption keys are stored in a country where the company is required, by law or by force, to turn them over to authorities upon request then that should be noted. And yes that includes the US to a lesser degree.
When people say 'the server with the encryption keys is physically located in China, and they have many Chinese employees', the subtext that we should all know at this point is that they're required by Chinese law to turn everything over to the authorities. We have hard evidence & beyond hard evidence of this, so it's kind of assumed that educated people are aware of this. And yes the same goes for say US telecom companies having legally mandated backdoors & the US government exploiting this to conduct unauthorized surveillance or even just purely commercial spying, it's well-documented, everyone should know this. So in the future someone can say 'this telecom company is US-based' and we can all understand the subtext.
So it's OK to just say 'the servers are in China' and we should all know what that means, at this point. TLDR- it's OK to have priors
I've really grown to dislike the "people who presumably consider themselves ethical defending a regime that represses free speech and expression, brutally crushes dissenters, disappears ethical doctors, is led by a 'president for life' dictator, and has literally hauled off 1M muslims to internment campus where their organs are being harvested and their culture is being erased, thing".
OK, this makes things clearer. Zoom does in fact encrypt their streams from client to client but they have easy access to the keys.
In their recent post about this question they apologize for what they admit to be an incorrect use of the phrase "end to end encryption". They base this on the existence of things like the gateways used to the regular telephone network.
It seems like an odd way to spin this. Why didn't they just state that the data is encrypted "end to end" and then leave it at that? Apple supposedly has access to the keys used to encrypt FaceTime calls but they happily involve the "end to end encryption" marketing phrase. I don't see why Zoom couldn't do the same. The way Zoom has handled this could of been a lot better.
I think the world needs a consumer standard for cryptography. Something like:
* Level 1 for the case where any eavesdropper can get the plain text.
* Level 2 for when just the provider can get the plain text.
* Level 3 for when just the users can get the plain text.
Most of what is being described as "end to end encrypted" these days is really just level 2 even in the case where the provider does not have the keys due to the fact that the provider can trivially MITM the traffic. The general public should be made aware of the distinction without having to dig into the technical details.
Apple does not have access to FaceTime keys or iMessage keys for that matter. They are truly end-to-end encrypted, and I don’t think there is any need to cheapen or muddy the term for the sake of marketers.
dang|5 years ago
Matthew Green's article is being discussed here: https://news.ycombinator.com/item?id=22771193
meowface|6 years ago
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto...
At the very least, they are validating TLS certificates. (Which I know is the true bare minimum requirement of TLS, but "goto fail" and all...)
>We set up mitmproxy to intercept the TLS traffic and configured the Zoom Linux client to route its TLS traffic through mitmproxy. Fortunately, the Zoom client did appear to warn us that the fake TLS certificates generated by mitmproxy were untrusted.
dang|5 years ago
fulafel|6 years ago
t0mas88|6 years ago
How do they keep doing this? Do they just put whatever sells best in the documents and implement something else? First the end2end thing, now 128 instead of 256 bits. How many more are we going to find in the coming days?
lozenge|6 years ago
s_dev|6 years ago
Yes.
I've always expected businesses to stretch the truth with their marketing e.g. "Leading Brand of Donut in America", "Award Winning Bread", "Cheapest Gas for 50 miles"
However Zoom are just engaging in straight up false advertising regarding security features. It's not cheeky -- it's wrong.
HumblyTossed|6 years ago
Hard to say. Could be cultural where sales and engineering butt heads. Could be "sell it first, develop it later so we can beat the market" mentality.
Either way, Zoom is going to go down as either a company that did everything right and won the market or did everything wrong and won the market. Depending on who you talk to.
luckylion|6 years ago
president|5 years ago
I've worked 10+ years in Silicon Valley and the motto "it is better to beg forgiveness than ask for permission" really does ring true. This manifests at all levels from ICs and up the chain of leadership. People do what gets them their bonus/promotion and everything else be damned. "Acquire the customer and fix the security problem later" was the mindset here.
itcrowd|6 years ago
In addition to letting the Chinese (and possibly US) government in on the encryption keys, the encryption scheme is also badly broken (ECB mode of AES). Prof. Matthew Green has written many articles about AES and encryption more generally and I recommend his blog if you are interested (even as a lay person).
https://blog.cryptographyengineering.com/2011/12/01/how-not-...
kerng|5 years ago
ComputerGuru|6 years ago
drevil-v2|5 years ago
s_y_n_t_a_x|5 years ago
[deleted]
_-___________-_|6 years ago
Does anyone else find it really weird? Late-night TV hosts, I can understand - maybe they just get paid for it, or have Zoom shares. But for example UK government leaders repeatedly mentioning it by name, e.g. Matt Hancock saying that despite being unwell, Boris Johnson is still having "Zoom videoconferences", or saying Johnson addressed his "Zoom cabinet", just feels... weird.
Edited to add: thinking about it more, I remember "FaceTime" being used pretty similarly when it was new. So I guess all the bad news is just sensitising me.
viraptor|6 years ago
MobileVet|6 years ago
This is a huge win for Zoom on a marketing front.
complex1314|6 years ago
tzm|6 years ago
kossTKR|6 years ago
People then look at the articles written in the media and say "hey i use that app too, cool, we are part of the same tribe".
Showing of knowledge of the tech-zeitgeist is an easy way for a politician or anyone for that matter to appear being both with the times", "tech-savvy" and just the same as regular folk.
mrich|6 years ago
unknown|6 years ago
[deleted]
bryanrasmussen|6 years ago
It implies speed, and thus implies power.
Since you zoom in on things to see them better it implies attention to detail.
The productivity of the prime minister is in no way hampered, people, he Zooms!
fangorn|6 years ago
[deleted]
jalk|6 years ago
mattmcknight|6 years ago
tony101|6 years ago
ddebernardy|6 years ago
turowicz|6 years ago
tiborsaas|6 years ago
https://www.bloomberg.com/profile/company/ZM:US
throw445673|5 years ago
So “Zoom Us” like “Call Us.”
fock|6 years ago
No pun intended.
unknown|6 years ago
[deleted]
dogman144|6 years ago
That isn't exactly the case, per the same article. More Zoom is choosing a poor choice among other choices, of implementing AES:
"Furthermore, Zoom encrypts and decrypts with AES using an algorithm called Electronic Codebook (ECB) mode, “which is well-understood to be a bad idea, because this mode of encryption preserves patterns in the input,” according to the Citizen Lab researchers. In fact, ECB is considered the worst of AES’s available modes."
Bad idea but not "rolling own crypto bad"
edit: agree it's bad. this is pointing out inaccuracies in language from tech journalism reporting on security. This continues to be an issue per the miseducation it creates for the general public in infosec concepts, which is already an uphill battle of misconceptions. Since these articles, or AG Barr, are the discussions that actually hit the mainstream, it's an issue that needs to correct.ed Tech journalism, a profession focused on 'getting the facts,' are the direct conduit of this version of miseducation/failure of facts, and should be corrected. See: NY Times Baltimore Ransomware = NSA Tool (false), Bloomberg Supermicro (false, so far), etc.
minitech|6 years ago
- misusing cryptographic primitives is one way of rolling one’s own crypto
- ECB really is that bad
tpetry|6 years ago
_-___________-_|6 years ago
fock|6 years ago
t0mas88|6 years ago
unknown|6 years ago
[deleted]
kerng|5 years ago
senderista|6 years ago
senderista|5 years ago
aabbcc1241|5 years ago
Markoff|6 years ago
Markoff|5 years ago
I see denial is strong or HN has already it's army of wumaos.
tanvir08|5 years ago
[deleted]
paulcarroty|6 years ago
[deleted]
AsyncAwait|6 years ago
P.S. Personally, I don't consider the NSA having my data as being any better, thank you.
EDIT: Just to be clear, I don't think Zoom's encryption claims should be trusted, but it's not because CHINAAA, it's because they're misleading people into thinking TLS means E2E.
hash872|6 years ago
When people say 'the server with the encryption keys is physically located in China, and they have many Chinese employees', the subtext that we should all know at this point is that they're required by Chinese law to turn everything over to the authorities. We have hard evidence & beyond hard evidence of this, so it's kind of assumed that educated people are aware of this. And yes the same goes for say US telecom companies having legally mandated backdoors & the US government exploiting this to conduct unauthorized surveillance or even just purely commercial spying, it's well-documented, everyone should know this. So in the future someone can say 'this telecom company is US-based' and we can all understand the subtext.
So it's OK to just say 'the servers are in China' and we should all know what that means, at this point. TLDR- it's OK to have priors
petergatsby|6 years ago
scoot_718|6 years ago
[deleted]
upofadown|6 years ago
In their recent post about this question they apologize for what they admit to be an incorrect use of the phrase "end to end encryption". They base this on the existence of things like the gateways used to the regular telephone network.
It seems like an odd way to spin this. Why didn't they just state that the data is encrypted "end to end" and then leave it at that? Apple supposedly has access to the keys used to encrypt FaceTime calls but they happily involve the "end to end encryption" marketing phrase. I don't see why Zoom couldn't do the same. The way Zoom has handled this could of been a lot better.
I think the world needs a consumer standard for cryptography. Something like:
* Level 1 for the case where any eavesdropper can get the plain text.
* Level 2 for when just the provider can get the plain text.
* Level 3 for when just the users can get the plain text.
Most of what is being described as "end to end encrypted" these days is really just level 2 even in the case where the provider does not have the keys due to the fact that the provider can trivially MITM the traffic. The general public should be made aware of the distinction without having to dig into the technical details.
xtian|6 years ago
zepto|6 years ago
https://support.apple.com/en-us/HT209110