Under The Hood of Zoom

So much has been said about the security of Zoom that it is often difficult to know what’s right and what’s not. So, let’s have a quick look:

We see the TLS connection with a server at 3.126.143.72. Other subnets include: 3.21.137.128/25, 3.22.11.0/24, 4.34.125.128/25, 4.35.64.128/25, 8.5.128.0/23, 13.52.6.128/25 and 52.61.100.128/25. Apart from TCP port 443, Zoom uses UDP ports 8801 to 8010. Here is the basic TLS connection:

Initially, we see a standard three-way handshake with the Zoom server, after which the client sends a “Client Hello”:

In this case, we see that the Zoom client requests 21 cipher suites. Around half of these are ECDH (Elliptic Curve Diffie-Hellman) for the handshaking of the key, but there are some that use RSA encryption of the
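The Client Hello inspection described above can be repeated on any capture by pulling the cipher suite list out of the record and grouping it by key exchange. This is an added example, not code from the original article: the ClientHello bytes are constructed (six suites, not the 21 Zoom offered), the suite table is a small subset of the IANA registry, and the function names are assumptions for illustration.

```python
import struct
from collections import Counter

# Small subset of the IANA TLS cipher suite registry (code -> name).
SUITES = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def key_exchange(code):
    name = SUITES.get(code, "")  # classify by how the session key is agreed
    if name.startswith("TLS_ECDHE_"):
        return "ECDHE (forward secrecy)"
    if name.startswith("TLS_RSA_"):
        return "RSA key transport (no forward secrecy)"
    return "other/unknown"

def offered_suites(record):
    """Return the cipher suite codes offered in a TLS ClientHello record."""
    ctype, _ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or rec_len < 4 or len(record) < 5 + rec_len:
        raise ValueError("not a complete TLS handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    pos = 4 + 2 + 32                      # handshake header, version, random
    pos += 1 + hs[pos]                    # skip the variable-length session_id
    (n,) = struct.unpack("!H", hs[pos:pos + 2])
    if n % 2 or pos + 2 + n > len(hs):
        raise ValueError("bad cipher_suites length")
    return list(struct.unpack("!%dH" % (n // 2), hs[pos + 2:pos + 2 + n]))

def build_sample():
    """Constructed ClientHello (not a Zoom capture), no extensions."""
    suites = struct.pack("!%dH" % len(SUITES), *SUITES)
    body = (b"\x03\x03" + bytes(32) + b"\x00" +
            struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def summarize(record):
    return Counter(key_exchange(c) for c in offered_suites(record))

if __name__ == "__main__":
    print(dict(summarize(build_sample())))
```

What the client offers is only half of the picture: the suite the server selects in its Server Hello decides whether the session actually gets forward secrecy.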

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
