Deeming it unsafe, Ministry of Home Affairs (MHA) has asked government officials not to use Zoom video meet app for holding meetings. The software of the app is said to be made in China and it is believed that some calls are routed through the country.
The US-based Zoom app, according to the government, can be easily hacked and confidential data and material stolen. While the government officials have been asked not to use Zoom or any other third-party app, the Cyber Coordination (CyCord) Centre of MHA has issued a detailed advisory for private individuals who want to use the platform for private purposes.
Since the lockdown began, many people, including in the government, have taken to using Zoom for video conference calls. Defence Minister Rajnath Singh and BJP president J.P. Nadda have been holding virtual meetings through Zoom. They have all been advised not to use any third party app but only the indigenously developed National Informatics Centre (NIC) platform for official and government video-conferences.
With millions of people working from home due to Covid-19 pandemic, holding company meetings, educational institutions holding online classes, the users of Zoom went from 15 million to 200 million in a matter of days. The Congress party has also been holding all its press interactions on the platform. However, ‘Zoombombing’ has become a nuisance since uninvited members manage to join in the meetings.
The MHA has red-flagged the platform following advisories issued by the national cyber-security agency – Computer Emergency Response Team of India (CERT-in). Though the advisories were issued on February 6 and March 30, the app continued to be in use. The CERT-in advisories had cautioned against the vulnerability of the app.
Its March 30 advisory, CERT-in said: “Zoom is a popular video conferencing platform. Insecure usage of the platform may allow cyber criminals to access sensitive information such as meeting details and conversations.” It asked users to set strong passwords and enable the “waiting room” feature so that call managers could have a better control over the participants.
In its advisory for private individuals, who wish to use Zoom, the MHA has issued detailed guidelines to prevent unauthorized entry in the conference room, to prevent an unauthorized participant to carry out malicious activity on the terminals of others and avoiding DOS attack by restricting users through passwords and access grant. A DOS (denial-of-service) attack is done by hackers to make a machine or network resource unavailable to its intended user (s).
Advertisement
The video meet app has also become a treasure trove for both ethical and not-ethical hackers who have zeroed in on the video conferencing app to find privacy and security bugs and make money.
One hacker interviewed by Motherboard who claims to have traded exploits found in Zoom on the black market said that Zoom flaws typically sell for between $5,000 to $30,000.
The vulnerabilities - everything from webcam or microphone security to sensitive data like passwords, emails, or device information - are being sold on the Dark Web.
However, hackers said that Zoom flaws don't sell for high figures compared to other exploits.
Advertisement
Zoom app has started facing criticism as reports of "Zoombombing" and other privacy issues started surfacing from different parts of the world.
Citing privacy and security concerns, Google has banned the video meeting app Zoom for its employees.
Zoom Founder and CEO Eric Yuan has apologised for the privacy and security issues or Zoombombing being reported in his app.
Citizen Lab, a Canada-based independent research organisation, has found that Chinese servers are being used to distribute encryption and decryption keys for video links on Zoom, IANS news agency reported.
Earlier this month, according to a report by Reuters, Elon Musk''s SpaceX had also banned employees from using Zoom over security concerns.
According to a report by social media platform Blind, 12 per cent users have reportedly stopped using Zoom and 35 per cent professionals are worried that their information may have been compromised.
Pawan Duggal, India's foremost cyber security expert, calls Zoom a "glitzy timebomb". "It looks nice, but it's deadly," he was quoted as saying by IANS.
According to Rafi Kretchmer, Head of Product Marketing at cybersecurity firm Check Point, cybercriminals will always seek to capitalize on the latest trends to try and boost the success rates of attacks, and the coronavirus pandemic has created a perfect storm of a global news event together with dramatic changes in working practices and the technologies used by organizations.
Advertisement
"This has meant a significant increase in the attack surface of many organizations, which is compromising their security postures. To ensure security and business continuity in this rapidly evolving situation, organizations need to protect themselves with a holistic, end-to-end security architecture," Kretchmer said in a statement.
(With IANS inputs)
