Taiwan Bars Official Use of Zoom Over Security Concerns
Wed, April 21, 2021

Taiwan Bars Official Use of Zoom Over Security Concerns

 

The Taiwanese government’s executive branch has banned all official use of video conferencing app Zoom over security concerns. / Photo by dennizn via Shutterstock

 

The Taiwanese government’s executive branch has banned all official use of video conferencing app Zoom over security concerns, the Business Insider reports.

In a statement, the Taiwanese government said that if their agencies are to hold video conferences for business needs, “they should not use products with security concerns, such as Zoom.” Instead, they can consider using the services of major international information service providers, such as Microsoft or Google, that provide free software during the Covid-19 outbreak. According to the statement, their decision was based on the security risk assessment.

 

Zoom facing multiple security issues

Several days before Taiwan bars the official use of Zoom, the software company has faced multiple reported security issues. Some of these include inadvertently exposing the photos and personal email addresses of thousands of people and not using end-to-end encryption on video meetings although it frequently uses the term in its marketing. End-to-end encryption is a system of communication intended to prevent data from being secretly modified or read other than the true recipient and sender. Applying this system in Zoom is supposed to make sure that external hackers or even Zoom itself can access the video meeting.

However, “Zoombombing” became an issue due to the sudden increase of Zoom usage also caused by the pandemic. For instance, the screen-sharing feature of the app has been used to interrupt meetings with inappropriate content, including pornography and violent images. Some calls have also been reportedly routed through China. The latter issue is most likely the concern of Taiwan since its differences over its status have fueled tensions between the island and mainland. At present, the nation of China is represented by two separate authorities: the People’s Republic of China (commonly referred to as just China) and the Republic of China (Taiwan).

Taiwan’s independence has not been universally recognized and Beijing claims that the island is a part of their territory.

 

Several days before Taiwan bars the official use of Zoom, the software company has faced multiple reported security issues/ Photo by Anelovski via Shutterstock

 

No room for Zoom

Zoom’s CEO Eric Yuan admitted that some call data in their platform were “mistakenly” routed through China. Aerospace company SpaceX also prohibited its employees from using the app over privacy and security concerns. Search engine giant Google has similarly banned its staff from using the said teleconferencing platform. It said that security concerns arose when Zoom became one of the most popular teleconferencing services during the pandemic while almost everyone is working remotely.

Google spokesperson Jose Castaneda said that they have a policy of not allowing their staff to use unapproved apps for work that are outside their corporate network. They specifically mentioned the use of Zoom Desktop Client on their corporate computers. Nevertheless, Google employees who are using the app to stay connected with their family and friends can continue to use it through their mobile or web browser.

Before the pandemic highlighted the app’s vulnerabilities, the software company was already facing criticism. For instance, a flaw in the macOS enabled a Zoom URL to hijack a MacBook webcam. The vulnerability was publicly disclosed by security researcher Jonathan Leitschuh.

It may be a challenge to the teleconferencing provider as it was not originally designed for the consumer at its present scale. Earlier this month, the company said that its users grew from 10 million to 200 million in the past three months alone.

The top 10 countries that used their platform before the pandemic based on the total Meeting Participants and IM Participants are the United States (230,454), China (20,366), United Kingdom (9,739), Netherlands (9,384), Australia (6,678), Japan (5,592), Canada (4,079), France (2,524), India (1,724), and Germany (1,599).

In a statement sent to technology site TechCrunch, Zoom said that the company is taking user security “extremely seriously.” Many global institutions, including the world's’ largest financial companies, top telecommunication providers, telemedicine practices and healthcare, universities, and government agencies have done “exhaustive security reviews” of their datacenter, user, and network layers and have confidently selected Zoom for deployment. The statement added that the company is now in communication with governments of different countries and is focused on providing the information they need so they can make informed decisions of their policies.

 

 

Types of devices Zoom participants use

According to Zoom, majority (46.66%) of Zoom participants use Mac followed by Windows (31.4%), phone (6.36%), Zoom Rooms (5.55%), iOS (4.04%), android (1.93%), unknown (1.13%), H.323/SIP (1.13%), web (0.91%), iPAD (0.53%), Linux (0.23%), and Chrome OS (0.11%). H.323 is a protocol generally used for VoIP telephony and video conferencing.

In its financial results for the fourth quarter of January 2020, Zoom Video Communications Inc. announced a total revenue of $188.3 million, an increase of 78% year-over-year. Its Generally Accepted Accounting Principles (GAAP) income from operations for the quarter was $10.6 million compared to the $5.5 million GAAP income from operations in the fiscal year 2019.

Unlike Taiwan, the US military and government employees continue to use Zoom for official business. This is despite the warning from the FBI about security and privacy issues. Action experts fear that the government’s continued use of the app may increase the risk of government data breaches.

On April 1, the FBI announced that hackers could exploit the system’s weaknesses to target businesses and individuals performing financial transactions and to steal sensitive data. Such a kind of security concern is greater than Zoombombing. Cybersecurity expert Joseph Steinberg also told radio network Voice of America that the teleconferencing app may not only present security risk during the Zoom sessions but on the information that is stored on government devices. The app could jeopardize the security of government data if there are vulnerabilities and may also affect the computers within the same network.

 

 

A day after the FBI guidance was made known, a senior official from the Office of the Joint Chiefs of Staff said that he was not aware of any issues with Zoom and continues to use it because of social distancing measures. When pressed about the potential risks, he said that the discussion they had while using the software was at the “unclassified level.” A senior defense official likewise shared in the radio network that Pentagon is currently considering “guidance adjustments” when using the service for official business.

It seems that the videoconferencing service provider now needs to make a more serious effort to quickly patch vulnerabilities to continue to drive its expansion.