"Important Information Regarding Zoom Desktop Client for Linux" | Community
Newcomer
October 12, 2022
Question

"Important Information Regarding Zoom Desktop Client for Linux"


Hi,

Some users in my company received an email notifying them that Zoom will be retiring the current key pair used to sign the Linux client on November 2, 2022, and requesting users to download and trust the new public key (see attached screenshot).

Requiring users to download directly from the email, instead of inviting them to do it after logging into the site, is quite suspicious.

I can't find any official communication or release note on the website.

Is anyone experiencing the same, or does anyone have a clue about the communication's authenticity?

Thanks

    10 replies

    Newcomer
    October 12, 2022

    I have also been contacted by a user receiving this message. Is this genuine or a scam?

    Newcomer
    October 12, 2022

    I received this, and was somewhat suspicious as it was addressed to "Dear Valued Customer", which is the usual form of address in scams.
    I tried clicking on the link, and the file downloaded, but the instructions didn't work, so I didn't chase it up.

    Newcomer
    October 12, 2022

    Thanks for this. It would be really useful if Zoom could prioritize this as soon as possible and give a response. They should know whether they created this or not!

    Newcomer
    October 12, 2022

    I got this too, distributed via the licence contact. I am unsure... Cannot find direct info on the Zoom website.

    Newcomer
    October 12, 2022

    I've ended up here for the same reason. Is it a scam?

    Newcomer
    October 12, 2022

    Stupidly, I think I may already have fallen for this! My only hope is I might not actually be adept enough to have successfully followed the instructions. If I have, would it be enough to delete the client and reinstall from the zoom download site, or is that too optimistic?

    arossi (Author)
    Newcomer
    October 12, 2022

    The download link redirects to click[.]zoom[.]us, which is different from zoom.us and has a different SSL certificate from *.zoom.us.

    It is very suspicious.

    The email is from ***********, which looks authentic, but it may be a spoofed email that passed the DMARC/DKIM/SPF controls.

    I opened a ticket at https://zoom.us/trust-form for support

    Newcomer
    October 12, 2022

    Thanks for this. I am unable to open a ticket as I only have a Basic account and zoom don't want to hear from me. I am using zoom for community group meetings on a no-budget basis.

    Newcomer
    October 12, 2022

    Personally in your situation I wouldn't start up Zoom again until you get an official response from them. But they are certainly not in a hurry to respond.

    Newcomer
    October 12, 2022

    Thanks that's pretty sound advice. I have put the word out that there might be an issue. Most of my network are windows/mac, so I'm hoping it is restricted to Linux.

    Newcomer
    October 12, 2022

    I too was forwarded that message, and when I use wget to download the key from the link in the message it's identical to what I download with Chrome from https://zoom.us/download#client_4meeting.  The fingerprint of the key also matches what's on the download page.  So it's probably fine.

     

    meer5[129]$ gpg --show-keys --fingerprint /tmp/package-signing-key.pub
    pub rsa2048 2015-06-07 [SC]
    3960 60CA DD8A 7522 0BFC B369 B903 BF18 61A7 C71D
    uid Zoom Video Communcations, Inc. Linux Package Signing Key <***********>
    sub rsa2048 2015-06-07 [E]
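
The comparison described in the reply above, as an added example that is not part of the original post: a POSIX shell check that reads the primary-key fingerprint from `gpg --show-keys` without importing the file and compares it with a fingerprint obtained separately from the vendor's download page. The function names and the sample listing are constructed for illustration; the sample fingerprint is the one printed in the post.

```shell
#!/bin/sh
# Added example: function names are illustrative, not from any Zoom tooling.

# Constructed sample of `gpg --with-colons` output (subkey values are placeholders).
SAMPLE_LISTING='pub:-:2048:1:B903BF1861A7C71D:1433635200:::-:::scESC:
fpr:::::::::396060CADD8A75220BFCB369B903BF1861A7C71D:
uid:-::::1433635200::::Constructed Example UID:
sub:-:2048:1:0000000000000000:1433635200::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Strip spaces/colons and upper-case, so "3960 60ca ..." equals "396060CA...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n\t' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin and print each primary key's fingerprint:
# the fpr record (field 10) that directly follows a pub record.
# Subkey fingerprints are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0 }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# $1 = expected fingerprint; colon listing on stdin.
# Succeeds only if the listing holds exactly one primary key and it matches;
# a file carrying extra keys is rejected, since importing it would add them all.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] && [ "$(normalize_fpr "$found")" = "$expected" ]
}

# $1 = key file, $2 = expected fingerprint. --show-keys inspects without importing.
check_key_file() {
    gpg --batch --show-keys --with-colons --fingerprint "$1" | fpr_matches "$2"
}

# Usage: sh check_key.sh /tmp/package-signing-key.pub "<fingerprint from the download page>"
if [ "$#" -eq 2 ]; then
    if check_key_file "$1" "$2"; then
        echo "OK: fingerprint matches"
    else
        echo "MISMATCH: do not import this key" >&2
        exit 1
    fi
fi
```

The expected fingerprint has to come from a page reached independently of the email (typed URL or bookmark); comparing against a value taken from the same message proves nothing.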

     

    Newcomer
    October 12, 2022

    That sounds hopeful to me. And am I right in thinking that if a scammer has tried to get me to apply a bogus key, the most they can have is credentials to attend/host meetings with my existing account? So if I scrub my account and start a new one without attending any in the meantime, am I good to go? Sorry for my dimness and asking a lot of stupid questions! I'm finding this difficult to get my head around!

    Newcomer
    October 12, 2022

    If someone from zoom.us could answer the following definitively I would be very grateful:

    1) Did they send the original email? (Y/N)

    2) If N to 1), would the measures I described above (reinstall client and public key) be enough to neutralise the risk? (Y/N)

    3) If N to 2), should I delete my account and start a new one before using zoom? (Y/N)

    4) If Y to 3), is there anything else I need to do in order to use zoom again safely? If so, what?

    Newcomer
    October 12, 2022

    Right. I've just managed to get through to the technical team on a webchat, which I couldn't manage to do earlier. It seems the original email was genuine, and here's a link that should help: https://support.zoom.us/hc/en-us/articles/9836712961165 . I think we can all relax, thanks to the developer. I made a cheeky request that the developer review this thread when they have time and try to make any future messages less ambiguous, based on the flags that were raised for us. I don't know about you but I will literally sleep better tonight now!

    Newcomer
    October 12, 2022

    Thanks for sorting this out, much appreciated!

    Newcomer
    October 12, 2022

    No worries, just passing on what I found out from zoom.us .

    Newcomer
    October 25, 2022

    I'm a Linux user, but I use a laptop. Does that apply in my case?

    Newcomer
    October 26, 2022

    Yes, if you follow the instructions from MerricksMan above you should be ok.

    Newcomer
    October 26, 2022