We use cookies to provide you with a better experience. By continuing to browse the site you are agreeing to our use of cookies in accordance with our Cookie Policy.

logo
  • Engineers & Specifiers
  • Contractors & Installers
  • Wholesalers & Distributors
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Free Subscription
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • PRODUCTS
    • Bath & Kitchen
    • Fire Protection
    • HVAC
    • Hydronics/Radiant
    • Plumbing
    • PVF
    • Tools
  • PROJECTS
    • Commercial
    • Green Building
    • MRO/Retrofit
    • Remodeling
    • Residential
  • HOW TO
    • Design
    • Fire Protection
    • Legal Matters
    • Management
  • BUSINESS
    • Buying Groups
    • Technology
    • Associations
  • CODES & STANDARDS
    • ANSI
    • ASHRAE
    • ASSE
    • Regulations
    • Green Building
    • IAPMO
    • ICC
    • NFPA
  • RESOURCES
    • Media Kit
    • Advertise
    • Contact Us
    • Classifieds
    • Digital Editions
    • Behind the Wall
    • Webinars
    • ASPE Live 2022
  • PODCASTS
  • DIGITAL EDITIONS
Home » MCAA Issues Alert About Zoom Online Meeting Platform

MCAA Issues Alert About Zoom Online Meeting Platform

April 9, 2020
No Comments
AWWA Announces Free COVID-19 Webinars

In partnership with the Mechanical Contractors Association of America's (MCAA) Cyber Security Expert, Nick Espinosa, the association would like to alert the industry to a possible security risk for organizations that was recently uncovered: the use of Zoom video conference.

Zoom’s issues are few-fold and encompass the following issues:

1. Technical vulnerabilities within the program. Attackers have been able to connect to Zoom meetings and disrupt them, record them and send potential phishing web links via the chat window. Further, it was uncovered that how the chat window was handling links could expose a person’s Windows username and hashed password. If the user’s password was weak it would be very easy to crack the password.

2. False claims of total privacy. Zoom had stated that when a Zoom meeting enabled encryption that only the participants of the meeting could see the meeting. Research by the University of Toronto’s Citizen Lab determined that because of how Zoom was applying encryption meetings could be viewed by others, including Zoom employees. Zoom’s Chief Product Officer, Oded Gal, later wrote a blog post in which he apologized on behalf of the company “for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption.”

3. Betrayal of the public trust. In an article by The Intercept reporting on the Citizen Lab report on Zoom, it was determined that five out of Zoom’s 73 encryption management servers, known as KMS servers, were located in mainland China and that many meetings where participants were 100 percent located in the United States or North America where receiving encryption keys issued by these servers in China despite the fact that the remaining 68 KMS servers are located in the United States. Given that the Chinese government requires access to all businesses within China, it is very possible that the Chinese government has had access to live Zoom meetings and/or recordings.

It is for this reason that NASA, SpaceX and others have ordered the use Zoom to be forbidden for organizational meetings. The MCAA now joins the growing number of organizations in the world in stopping the use of Zoom video conference and also recommends that its members follow suit, especially if sensitive information is being discussed.

When someone, or an organization, chooses to use a program or service or even walk into a store to purchase something on a corporate credit card, they enter into a trust relationship with that entity. Individuals and organizations trust their local stores will handle their credit card transaction with the correct amount of security, and they trust that a company like Zoom will safeguard them as advertised. When that trust is broken, it’s hard to get it back.

Zoom has acknowledged these issues, including the China connection, by saying it was a mistake and an error in programming and has promised fixes and updates. Until the company has been proven to be secure for some time, MCAA believes it’s time to put its trust into another video conferencing solution.

Associations Business Contractors & Installers COVID-19 Industry Community News Mechanical Software Technology Industry Announcements
  • Related Articles

    The Unified Group Holds Annual Meeting Via Zoom

    PHCPPros to Host Town Hall Meeting on Infrastructure Issues with Oklahoma Congressman Markwayne Mullin

    National Taskforce on Tradeswomen’s Issues Holds Annual Meeting at Tradeswomen Build Nations Conference

You must login or register in order to post a comment.

Report Abusive Comment

Most Popular

  • NIBCO Expands Industry Presence with Acquisition of Matco-Norca

  • Stories From the Mechanical Room Podcast: The Math Never Lies ft. Taco Comfort Solutions' John Barba

  • Newly Released Scorecard Ranks States for Water Efficiency and Sustainability Policies

  • New 3M Docuseries Showcases Need for Diverse and Meaningful Trade Careers

Featured Video

Flow aide

JC Whitlam Flow Aide Biodegradable System Descaler Kit

Industry Events

  • 04Feb

    ASHRAE Winter Conference

    Atlanta, GA
  • 05Feb

    IMARK Plumbing Annual Meeting

    Orlando, FL
  • 06Feb

    2023 AHR Expo

    Atlanta, GA
More Events

Subscribe to our newsletters & stay updated

Subscribe & Learn More

  • Tw02 2023 cover
    Learn More
  • Pe02 2023 cover
    Learn More
  • Phc02 2023 cover
    Learn More
  • Es 2022
    Learn More
Subscribe

More from PHCP Pros

  • Editorial Team
  • Home
  • Contact Us
  • About
  • Advertise

Follow Us

© 2023 All Rights Reserved

Design, CMS, Hosting & Web Development | ePublishing