We use cookies to provide you with a better experience. By continuing to browse the site you are agreeing to our use of cookies in accordance with our Cookie Policy.

logo
  • Engineers & Specifiers
  • Contractors & Installers
  • Wholesalers & Distributors
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Free Subscription
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • PRODUCTS
    • Bath & Kitchen
    • Fire Protection
    • HVAC
    • Hydronics/Radiant
    • Plumbing
    • PVF
    • Tools
  • PROJECTS
    • Commercial
    • Green Building
    • MRO/Retrofit
    • Remodeling
    • Residential
  • HOW TO
    • Design
    • Fire Protection
    • Legal Matters
    • Management
  • BUSINESS
    • Buying Groups
    • Technology
    • Associations
  • CODES & STANDARDS
    • ANSI
    • ASHRAE
    • ASSE
    • Regulations
    • Green Building
    • IAPMO
    • ICC
    • NFPA
  • RESOURCES
    • Media Kit
    • Advertise
    • Contact Us
    • Classifieds
    • Digital Editions
    • Behind the Wall
    • Webcasts
  • BUYER'S GUIDE
  • COVID-19
    • Events & Webinars
    • Business Resources
    • Industry Announcements
    • Health & Safety
    • Op-Ed
Home » MCAA Issues Alert About Zoom Online Meeting Platform

MCAA Issues Alert About Zoom Online Meeting Platform

April 9, 2020
No Comments
AWWA Announces Free COVID-19 Webinars

In partnership with the Mechanical Contractors Association of America's (MCAA) Cyber Security Expert, Nick Espinosa, the association would like to alert the industry to a possible security risk for organizations that was recently uncovered: the use of Zoom video conference.

Zoom’s issues are few-fold and encompass the following issues:

1. Technical vulnerabilities within the program. Attackers have been able to connect to Zoom meetings and disrupt them, record them and send potential phishing web links via the chat window. Further, it was uncovered that how the chat window was handling links could expose a person’s Windows username and hashed password. If the user’s password was weak it would be very easy to crack the password.

2. False claims of total privacy. Zoom had stated that when a Zoom meeting enabled encryption that only the participants of the meeting could see the meeting. Research by the University of Toronto’s Citizen Lab determined that because of how Zoom was applying encryption meetings could be viewed by others, including Zoom employees. Zoom’s Chief Product Officer, Oded Gal, later wrote a blog post in which he apologized on behalf of the company “for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption.”

3. Betrayal of the public trust. In an article by The Intercept reporting on the Citizen Lab report on Zoom, it was determined that five out of Zoom’s 73 encryption management servers, known as KMS servers, were located in mainland China and that many meetings where participants were 100 percent located in the United States or North America where receiving encryption keys issued by these servers in China despite the fact that the remaining 68 KMS servers are located in the United States. Given that the Chinese government requires access to all businesses within China, it is very possible that the Chinese government has had access to live Zoom meetings and/or recordings.

It is for this reason that NASA, SpaceX and others have ordered the use Zoom to be forbidden for organizational meetings. The MCAA now joins the growing number of organizations in the world in stopping the use of Zoom video conference and also recommends that its members follow suit, especially if sensitive information is being discussed.

When someone, or an organization, chooses to use a program or service or even walk into a store to purchase something on a corporate credit card, they enter into a trust relationship with that entity. Individuals and organizations trust their local stores will handle their credit card transaction with the correct amount of security, and they trust that a company like Zoom will safeguard them as advertised. When that trust is broken, it’s hard to get it back.

Zoom has acknowledged these issues, including the China connection, by saying it was a mistake and an error in programming and has promised fixes and updates. Until the company has been proven to be secure for some time, MCAA believes it’s time to put its trust into another video conferencing solution.

Associations Business Contractors & Installers Industry Community News Mechanical Software Technology COVID-19 Industry Announcements
  • Related Articles

    The Unified Group Holds Annual Meeting Via Zoom

    National Taskforce on Tradeswomen’s Issues Holds Annual Meeting at Tradeswomen Build Nations Conference

    HARDI Announces New HVAC Curriculum for Online Training Platform

You must login or register in order to post a comment.

Report Abusive Comment

Most Popular

  • James “Lukey” LaPorte Passes Away at His Home in Elmwood Park

  • Plumbing, HVACR Bright Spots in 2021

  • Operating Commercial Buildings with Confidence in the Age of COVID

  • Facets of Austin opens its renovated showroom designed to showcase only the products it sells with no distractions.

Featured Video

Sureseal video

SureSeal Floor Drain Trap Seal

Industry Events

  • 28Apr

    2021 BLUE HAWK Annual Conference

    Austin, TX
  • 12Oct

    BOILER 2021 – ABMA Boiler Technology Conference & Expo

    Dallas, TX
More Events

Subscribe to our newsletters & stay updated

Subscribe & Learn More

  • Tw01 2021
    Learn More
  • Pe01 2021
    Learn More
  • Phc01 2021
    Learn More
  • Es07 2020
    Learn More
Subscribe

More from PHCP Pros

  • Editorial Team
  • Home
  • Contact Us
  • About
  • Advertise

Follow Us

© 2021 All Rights Reserved

Design, CMS, Hosting & Web Development | ePublishing