By – Sneha Khandelwal
As people work from home amid the ongoing COVID-19 pandemic lockdown, cases of cyberattacks, hacking and even ransomware have been on the rise. One such main concern is the Zoom video-conferencing app. It has been facing several privacy and security concerns resulted in severe criticism and cyber threats globally. Recently, Zoom came under the Indian government’s radar due to growing security concerns around it.
(This story originally appeared in TOI on Apr 10, 2020)
A senior corporate executive was on a video conference call with his top management using the popular Zoom app while working from home due to the coronavirus lockdown. Minutes after the meeting started, the screen was hacked, and pornographic content started playing across the screens of those who were on the call, prompting them to abruptly terminate the call.
Zoom is no stranger to privacy attacks. Recent cases of Zoom bombing, which the company has acknowledged in its blog, and a bug in the iOS app that sends user data to Facebook have mired the popular video-conferencing app in controversy. CERT (Computer Emergency Response Team) has further cautioned users against the cyber vulnerability of Zoom, saying that “the unguarded usage of the digital application can be vulnerable to cyber attacks, including leakage of sensitive office information to cybercriminals.”
Security research has discovered three bugs or flaws in the Zoom App.
- It allows the hackers to steal windows password.
- The hackers gains physical access to a Mac device by taking control of their webcam and a micro-phone.
- It allowed a cyber crook to compromise the audio and video feeds of a Zoom- like intercepting the feed with some X rated stuff and such.
Some important infomation about this app:-
Note 1- In Feb this year, Zoom had a daily download stats of just 17,000 which zoomed to 2.5 million by the end of March 2020.
Note 2- Zoom happens to be a San Jose based company that offers digital video conferencing services such as online meetings, chats, and mobile collaboration.
Note 3- This 2011 started company hit the milestone of 40 million users in late 2015 with a business subscription list of 65,000.
Note 4– To date, the company is reported to have hosted over 1 billion meeting minutes.
Note 5- The Company was sued by the US Federal Court for illegally leaking personal data of its users to companies like Facebook and Google in March 2020.
In response, Zoom’s founder and CEO Eric Yuan said “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socialising from home,”
What CERT-India Recommends
The agency recommended a few safety measures for users to enhance the security of their Zoom meetings.
- Keep the Zoom software patched and up-to-date
- Set strong, difficult-to-guess, and unique passwords for each meeting
- Enable ‘waiting room’ feature for better control over all participants
- Lock the meeting session once all your attendees have joined
The Cyber Coordination Centre (CyCord), under the Ministry of Home Affairs (MHA) in India, recently released a detailed advisory on the usage of the app.The advisory asked government representatives to avoid using the Zoom platform for official purposes, citing it as unsafe. The advisory also listed certain guidelines for safe usage of Zoom by private entities and individuals for unofficial purposes. These include:
- Set new user ID and password for each meeting
- Enable the meeting room
- Disable join before host
- Allow screen sharing by host only
- Disable allow removed participants to re-join
- Restrict or disable file transfer option
- Lock meeting once all attendees have joined
- Restrict the recording feature
- End meeting (and not just leave, if you are the administrator)
In response to the Indian government’s advisory, Zoom authorities stated that the company is discussing potential ways to regain the confidence of Indian users on its platform. It also plans to bring the end-to-end encryption on the platform for video meetings, which is only applicable to the textual conversations so far.
Recently, Germany and Taiwan have banned the use of Zoom in their nations. The New York City officials stated that schools in the City will no longer be allowed to use Zoom for online teaching. Also, the Australia’s Defense Force and its MPs are barred from using Zoom services.
India is also being asked to avoid using Zoom for official purposes.