|
|
|
|
|
|
by periheli0n
1590 days ago
|
|
|
OK, so the actual communication (the call itself) will be transmitted over wifi. But this means that at least some kind of access token must be transmitted over ultrasound. Is this safe? I would love to see an analysis of that communication; whether it is encrypted, is the handshake secure or can it be hijacked, does,it transmit only an anonymous access token or the whole user ID etc. I mean, if I ever switch off Bluetooth it's exactly for the reason that I don't want my device to be detected/tracked. Zoom going around this by using ultrasound is kind of mean, since I can't prevent zoom from using audio if I want to be able to make calls. |
|
|
That was my interpretation of the feature described earlier in the thread
> But this means that at least some kind of access token must be transmitted over ultrasound. ...
Yup, I agree I'd love to know more about what is involved. I like to think there's a degree of authentication involved, but this is also Zoom. The company that installed a persistent service in order to circumvent a security feature in safari, that also allowed unauthenticated RCE.
> I mean, if I ever switch off Bluetooth it's exactly for the reason that I don't want my device to be detected/tracked.
I had assumed Android and PC had adopted the randomized MACs apple uses to prevent such tracking?
> Zoom going around this by using ultrasound is kind of mean, since I can't prevent zoom from using audio if I want to be able to make calls.
If we assume for now that it is properly authenticated, and has safe tokens to break tracking, identification, etc, then this behaviour seems reasonable. It would require you to open zoom in a room with the requisite enterprise-y teleconference equipment.
But of course that is quite a load bearing "if", and it already appears that they're trying to maintain the channel when they aren't active.