The feds are concerned that Zoom’s security flaws could make the popular videoconferencing platform vulnerable to foreign spies, a new report says.
An intelligence analysis from the Department of Homeland Security found that Zoom’s explosive growth and its well known security problems make it a “target-rich environment” for government spy services and other hackers, ABC News reported Tuesday.
“Any organization currently using — or considering using — Zoom should evaluate the risk of its use,” the department warned in the analysis, which was reportedly distributed to law-enforcement agencies around the US.
The warning adds to mounting scrutiny of Zoom’s security and privacy amid a massive boom in its user base. Companies, schools and government officials forced to stay home during the coronavirus crisis have flocked to the platform for meetings that can’t be done in person.
Homeland Security experts found that hackers are likely to use new or existing vulnerabilities within Zoom to “compromise user devices and accounts for further exploitation of corporate networks,” according to ABC News. The feds are particularly worried about Chinese spies having access to Zoom’s servers because the company has some development work done in China, the report says.
“China’s unique position does not prevent other nation-states from using Zoom vulnerabilities to achieve their objectives,” the feds reportedly wrote.
Zoom strongly disputed the DHS’s analysis. A company spokesperson said it is “heavily misinformed, includes blatant inaccuracies about Zoom’s operations, and the authors themselves admit only ‘moderate confidence’ in their own reporting.”
“We are disappointed the authors did not engage with Zoom to verify the accuracy of these claims and understand the real facts about Zoom,” the spokesperson said in a statement.
All of Zoom’s source code is stored in the US, and its developers in China don’t have the power to make “substantive changes” to the platform or to access the content of Zoom meetings, the California-based company said. Zoom also recently released a software update with several security enhancements and has pledged to address security issues within 90 days.
The DHS report follows a warning from the FBI about incidents of “Zoom-bombing,” in which hackers hijack online video meetings. Schools and government bodies have dealt with such disruptions in recent weeks.