Zoom is at risk of information leakage.
①This is Zoom's danger information (1).
From NHK International Press on December 3,2021.
http://www.genkihiroba.net/vv/datatrap.html
Moore, Secretary of the British Foreign Intelligence Service MI6, warns that China is setting up “Debt Traps" and “Data Traps" by Belt and Road.
"Data Trap" uses HUWEI and ZTE, which are major telecommunications equipment companies in China, and Zoom and TikTok for software to collect information on countries around the world, cutting-edge technology and business secrets of companies in each country, and personal information. It means that there is.
Video:http://www.genkihiroba.net/vv/datatrap.html
In addition to HUWEI, the U.S. government also bans transactions with any company in the world that uses the products of five companies, including ZTE, a major telecommunications equipment manufacturer, Hikvision and Dahua Technology, a surveillance camera manufacturer, and Hitera, a wireless equipment manufacturer. Did.
For details, refer to the trends of new export restrictions in the US and China of the CISTEC Secretariat.
https://www.cistec.or.jp/service/uschina.html
②This is Zoom's danger information (2).
■Video conference app "Zoom" data sent to China Shareholders file a class action (THE EPOCH TIMES)
https://www.epochtimes.jp/p/2020/04/54523.html
■According to a research report by Citizen Lab, an internet research institute at the University of Toronto in Canada, Zoom points out that it uses non-standard encryption methods to send data to China. "Multiple test calls in North America confirmed that the conference encryption and decryption keys were transferred to a server in Beijing, China," the report said.
■Chinese companies, foreign companies with offices in China, and organizations with Chinese nationality must comply with the "Cybersecurity Law of China".
"Under the Cybersecurity Law of China, companies and organizations, both public and private and domestic and overseas companies, are obliged to provide data at the request of the government. ] Is the text. ("People's Republic of China Network Security Law (Internet Safety Law)" and "People's Republic of China National Information Law" enforced in June 2017)
As you know, HUAWEI's 5G has become a social and political issue all over the world because of this law these days.
On June 4, some of the Tiananmen Forums were unilaterally shut down in the middle of the event by Zoom headquarters at the behest of the Chinese government. In response to the protest, Zoom initially blamed the machine for failure, but top admitted that it was shut down at the behest of the Chinese government with various evidence. It was a clear case that the Chinese government constantly monitored and collected information on Zoom usage in a special frame. Evidence that the Chinese government is firmly enforcing the Cybersecurity Law of the People's Republic of China. It is the same composition that is pushing the Hong Kong National Security Law, knowing the criticism from the international community.
HUAWEI's 5G is also being watched worldwide, but there is a danger that even Zoom will leak highly confidential information. It is well known that not only HUAWEI but also telecommunications-related Chinese (affiliated) companies have huge investment from the Chinese government and military personnel of the telecommunications department of the People's Liberation Army of China are always seconded to conduct research and development together. When HUAWEI was still small and called Huawei Industry, the president (current chairman) at that time was enrolled in the communication department of the Chinese military department (Shanghai) in order to increase the authority of the company, so together with the Chinese military department He said he was doing research and development. Unexpectedly, the remarks made for authority in the past are now memorable as words that express horse legs.
At that time, it was the time of the “Military-civilian joint strategy." Currently, the “Military-civilian fusion strategy" is bringing the military color to the forefront.
~Proposals for some tools~
■ If you cannot stop using Zoom suddenly, or if it is difficult in terms of time, do it with "YouTube streaming" as the World Bank does. Alternatively, at a later date, the content of the day will be "recorded and re-distributed on YouTube, Adobe Connect, etc." only to those who wish. Alternatively, you can deliver it in parallel with Zoom. In this case, participants can choose the tool and participate safely.
■ "Cisco Webex Meeting" that is used by many software development companies and can also manage schedules.
https://www.cisco.com/c/dam/m/ja_jp/solutions/webex/pdf/cisco-webex-training-manual.pdf
It is used by many software-related companies because it is safe because it allows you to chat and manage schedules.
■ "Microsoft Team" made by Microsoft. Equipped with various functions.
It is convenient to share the formats and data used in Windows. You can also chat and call.
■ Use Skype. 100 people can participate at the same time. The functions are almost the same as the above apps.
Many webinar tools are being created one after another.
In the EU and other countries, each country develops and utilizes its own webinar tools.
③ China that collects, manages and controls information on the people and each of the people of each country.
China is at the forefront of the surveillance society, and the following things are happening.
It is an example of a criminal being caught while walking around town a few days later. Surveillance cameras installed in various places send the criminal's face photo to the server and save it, and then instantly collate the criminal's face photo with many face photos sent from the cameras spread around the town. It is a method to identify the criminal by so-called big data analysis.
China is using this method to control and control the people. For example, it is also used for the management and control of personal information of Hong Kong citizens, Uighurs, Tibetans, etc. Governments and the media in Western countries have vehemently criticized genocide in Uighurs and Tibet.
Also, it is becoming impossible to shop or move in China without a card. This system is also being applied to foreigners entering the country. I also go to collect information on foreigners.
Similar techniques are being used in Africa, developing countries and dictatorial countries affected by China. As in China, we are actively providing this system as a means of arranging cameras throughout the town, collecting facial photographs and personal information of the people, and ensuring dictatorship. And information on these countries will also be collected in China.
The faces of people all over the world will be collected by cameras, and the faces and personal information will be collected by mobilizing all Chinese SNS apps such as TikTok and Zoom. It's easy for China, which has collected 1.2 billion Chinese, to collect information on 6 billion people around the world for control and hegemony.
Guizhou Province in China is located in the mountains in the south, where servers of world-famous companies that handle big data such as GAFA are installed in large numbers in tunnels hollowed out on the hillside. This is to cool the heat of the server with the cold air in the mountains. There is one company's server in one mountain. It looks magnificent. It may be a secret whether the Chinese government's people's management server is in the mountains of Guizhou, but it will be somewhere and strictly managed. To collect information on the people and humankind. And it will be used for various AI analysis and for the people's rule and hegemony rule of China.
The contents of the "Hong Kong National Security Law" have given a tremendous shock to the world. If it is as reported, it is a wonder to prosecute anyone who has despised the Chinese government (the decision is made exclusively by the Standing Committee of the National People's Republic of China) whether it is a Hong Konger or a foreigner anywhere in the world. Because it is the content.
・ ・ ・ ・ ・ (Omitted)
We have built a national surveillance society model with the "Golden Shield System," which is a surveillance camera, location information, face recognition, AI analysis, and public security computerization. We will incorporate this into Digital Belt and Road, and all the data of the Belt and Road participating countries will be collected in China. The negative side of digital technology.
・ ・ ・ ・ ・ (Omitted)
China is deepening its relationship from the former "military-civilian joint" research to "military-civilian fusion". In other words, it is a declaration that the research of civilian scholars is one with the military research of the PLA.
④The 2022 Beijing Olympics athlete app "MY2022" has a serious security flaw. A keyword censorship list is also found.
http://xn--khttps-v43e//gigazine.net/news/20220119-my2022-china-olympics-app-security/
At the Beijing Olympics to be held in February 2022, the health management application "MY2022", which is required to be installed by all participants, has a security flaw that makes it easy to hack sensitive information. An analysis by a Canadian security researcher has revealed that there is. It is said that "MY2022" was loaded with data related to censorship of political keywords as well as encryption defects.
"MY2022" is an app developed by a Chinese state-owned company called Beijing Financial Holdings Group for the purpose of collecting information on new coronavirus vaccinations by Olympic athletes. All participants in China and abroad who participate in the tournament are required to download "MY2022" to their terminal 14 days before entering China, monitor their health condition every day, and submit the information in the app.
Regarding this app, Citizen Lab, an interdisciplinary research institute at the University of Toronto, said on January 18th, "The 2022 Beijing Olympics health management app "MY2022" is easy to encrypt to protect users' voices and file transfers. There is a simple but fatal flaw that can be avoided. “
There are two security flaws in "MY2022" pointed out by Citizen Lab this time. One of them is the vulnerability that the app does not verify the SSL certificate, so it cannot verify the destination of highly confidential encrypted data. With SSL, you can protect the privacy of the data that your device sends to the server and prevent the communication from being read or tampered with. The fact that "MY2022" does not have this function means that a third party interferes with the communication between the app and the server and impersonates a trusted server, stealing passport information and medical information, or falsifying the target. It means that it will be possible to send instructions.
Another flaw is that "MY2022" sends some sensitive data unencrypted. Unencrypted data includes highly private data such as the names of senders and recipients of messages, user account identifiers, etc., for people connected to insecure wireless LANs and the Internet. It was in a state where it could be easily stolen by a provider or the like.
These issues with "MY2022" have been confirmed for both Android and iOS.
Cross-country Exposure: Analysis of the "MY2022" Olympics app - The Citizen Lab.
https://citizenlab.ca/2022/01/cross-country-exposure-analysis-my2022-olympics-app/
China's app for Olympic athletes has security flaws, study finds - Axios
Report: Chinese Olympic app has serious security flaws | AP News
(*) The problem is that if the Beijing Olympic athletes and related parties take "MY2022" back from China and use it, they will infect other apps with the file transfer function (personal information leakage) or in conjunction with it. There is a danger of transferring other application data to China (personal information leakage). If you exchange emails with this party, you may also be infected and your personal information may be leaked. Be careful.
⑤ Researchers report that Android apps made in China collect important user information, and there is a risk of misuse by malware.
Palo Alto Networks, a cybersecurity company based in Santa Clara, California, says that two Android apps created by Chinese search engine giant Baidu contain code to collect sensitive information about users. Revealed in a report from Unit 42, the global threat intelligence team at. In response to this report, Google conducted an investigation and removed two apps from Google Play as of October 28, 2020.
Data Leakage Found From Android Apps on Google Play With Millions of Downloads
https://unit42.paloaltonetworks.com/android-apps-data-leakage/
Baidu Mobile Apps in Google Play Leak Sensitive Data | Threat post
https://threatpost.com/baidu-apps-google-play-data/161556/
Baidu's Android apps caught collecting sensitive user details | ZDNet
https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/
Android apps that could leak data reported by researchers included Baidu Search Box, a Baidu search app, and Baidu Maps, a map app. These apps have been downloaded more than 6 million times in total, and it is reported that the app also collected important information that can be kept tracked even if the user changes the device.
The IMSI, which is a unique identification number assigned to mobile phone users, and the IMEI, which is an identification number assigned to mobile phones and satellite phones, have various uses.
For example, the IMSI, which is generally associated with a SIM card, allows users to be identified and tracked even if the device is changed and the phone number is reacquired. You can also use IMEI to report to your provider that your phone has been stolen and disable your mobile phone to block access to your network. Since this information is of great benefit to cyber criminals, they are trying to steal it in various ways
Devil's Empire Russia. Don't forgive Putin, the Devil's Emperor !