Newcomer

Question

Is this a scam? Zoom Desktop Client For Linux

Forum|Forum|3 years ago
October 12, 2022
7 replies
5 views

I recently received an email from *********** which said

As an admin or owner of an account with users using the Zoom Desktop Client for Linux, we are reaching out to notify you that we will be retiring the current key pair used to sign the Linux client on November 2, 2022. To avoid service interruption, we advise that you ask your users to download and trust the new public key.

Please follow the instructions below to download the new GPG validation key by 11/2/22 to avoid service interruption.

[...] and then some instructions [...]

Is this a scam or is it legit? I haven't managed to find other info about this on the zoom website.

F

Fermentlife

Newcomer

Me too!
I would not want to do this procedure without confirming that it is not an attack attempt.
Please give us your confirmation.
Thank you.

S

sundarvenkata

Newcomer

I got the same email as well. Please confirm if this is safe.

J

Jeff924

Newcomer

I got the same message. It is suspect because, well, I don't want to say why it is suspect because I don't want the bad guys to learn how I came to suspect them.

I would expect zoom to send a message, in flat ASCII or flat UNICODE, that said "If you use the linux zoom client, then please login to your account as you normally do. We have a message for you that we want to send you through a known secure channel".

Zoom: are you listening?

Bort

Employee

Hi all,

Yes, this is an authentic email from Zoom. Please take the necessary steps to update your Linux client to avoid service disruption.

J

Jeff924

Newcomer

Bort, ask your security people about sending keys - keys! - through HTTP and not HTTPS. Also, ask them about using any URL other than from zoom.com or zoom.us or zoom. (country code). Also, ask them about sending ANYTHING material through E-mail! For all intents and purposes, E-mail should be considered dead with the exception of alerting the recipient that there is a message for them on a protected web server. I'm sorry. It was a wonderful idea 50 years ago, but now bad actors are so prolific that it's just useless. Even if it was not bad actors, the signal-to-noise ratio is fast approaching zero. Yesterday, I counted. Of the 283 E-mails, only 3 were actually useful to me.

J

John_Z

Newcomer

Thanks for the reply.

Can we get some instructions that are much clearer? The email makes little sense to me.

Thanks.

Bort

Employee

Yes, we're working on it. We'll have a more detailed support article available soon.

J

japril

Newcomer

I imported the key into a gpg keyring just to check it out and it's from 2015 .. do you guys realize that? Seems like an old key and not a new one.

PK76_2

Employee

Hello @symbalex and everyone! I have an update for you:

Here's a support article regarding the email you received: https://support.zoom.us/hc/en-us/articles/9836712961165. In short, Zoom IS retiring the current key pair used to sign the Zoom desktop client for Linux. Based on some feedback, users were unable to download the new public key. Zoom is working to resolve this issue and will share details as we have them. No customer action is required at this time.

When we have additional instructions, we will update the support article.

If this helped, please mark this reply as a solution so others can see this message as well. Thank you!

S

sob

Newcomer

You may want to think about letting people know about this in the same way the change was announced, i.e. by e-mail! I had to go hunting to find this info.

PK76_2

Employee

I agree—the team is working on it!

Getting Started

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded