Intel report warns Zoom could be vulnerable to foreign surveillance

A DHS intelligence report offers a warning about foreign surveillance and the popular video conferencing system.

The report was issued jointly by the Department of Homeland Security’s Cyber Mission and Counterintelligence Mission centers, and was distributed to law enforcement and government agencies around the country. It comes less than a month after the FBI’s Boston office warned that hackers were able to hijack or disrupt videoconferences in what has come to be known as “Zoom-bombing.”

Hackers “likely will identify new or use existing vulnerabilities in Zoom to compromise user devices and accounts for further exploitation of corporate networks,” the notice says. Even security fixes don’t eliminate the concerns, analysts said, because “the patching process is undermined by … actors who often capitalize on delays and develop exploits based on the vulnerability and available patches.”

A Zoom spokesperson told ABC News the company disagrees with the intelligence analysis and that it is “heavily misinformed, includes blatant inaccuracies about Zoom’s operations, and the authors themselves admit only ‘moderate confidence’ in their own reporting. We are disappointed the authors did not engage with Zoom to verify the accuracy of these claims and understand the real facts about Zoom.”

DHS intelligence experts noted the popularity of Zoom has skyrocketed with the platform’s daily user base growing, according to company statistics, from 10 million a day to 200 million since December. While in the last six weeks, government stay-home orders have forced learning, government and business operations to migrate from physical spaces to the internet.

Among the specific concerns laid out by analysts is the risk posed by some development work for Zoom that is done in China. Because of China’s strict intelligence and intellectual property rules, “China’s access to Zoom servers makes Beijing uniquely positioned to target US public and private sector users,” according to the document. “China’s unique position does not prevent other nation-states from using Zoom vulnerabilities to achieve their objectives.”

Read More »