Citizen Lab, which was at the University of Toronto Munk School of Global Relations the other day, revealed a striking truth about Zoom, which has been used extensively with the transition to the remote system of the world. With the research carried out by Citizen Lab, the fact that Zoom was forwarding calls through China was revealed. An explanation came from Zoom about this fact revealed by Citizen Lab. At this point, let’s briefly summarize Citizen Lab’s research before moving on to the explanation made by Zoom. In its research published yesterday, Citizen Lab shared in detail that some calls made over North America and the password keys, which are the way to secure these calls, are routed through China. Zoom agreed that the calls were routed through China: Along with the information shared by Citizen Lab, it was also revealed that Zoom had access to these keys and therefore could access the desired call. Zoom said that it took strong precautions to prevent unauthorized access to the calls, but the passage of these keys through China jeopardized the privacy of users. In the statement from Zoom today, the fact that the company really forwarded calls through Chinese servers was accepted. Zoom said it wanted to expand its servers to meet the peak demand and accidentally confirmed that the two Chinese data centers could receive calls during internet density. Calls made in Zoom are made from any region’s server, under normal conditions. In other words, calls made in North America remain in North America and calls made in Europe remain in Europe. However, the sensitivity of some companies to China became available to the company due to the last error of Zoom. How was the referral done? Zoom used to follow its own transfer protocol during this process instead of following the standard protocol to send audio and video. This policy of Zoom was an extension of the RTP standard, according to the discoveries of Citizen Lab. Zoom’s protocol added its encryption scheme to the RTP standard in an unusual way. Normally, the audio and video of each user was sent by encrypting and deciphering between the users via a single AES-128 key. The AES key was distributed only among the participants on Zoom servers and at the meeting. Encryption and decryption of Zoom used AES in ECB mode, but this was a bad method for Zoom. Because this encryption mode left some clues on the input (like the clues seen in the image above). The encryption method proposed today for such platforms was the use of AES keys through ‘Segmented Integer Counter Mode’ or ‘f8-mode’ modes. Conducting a test on the zoom, Citizen Lab saw that the AES-128 key on the call was sent to a participant in Beijing. The scanning team discovered servers running the same Zoom server software in China and the USA. Accordingly, 5 servers in China shared the same software as in the USA. This led to the suspicion that the keys were shared between these servers.
