The Zoom desktop and mobile application is not a safe platform for video conferencing, the government warned today. It issued a set of guidelines for the safety of private users who “still would like to use Zoom for private purposes”.
The popularity of the app has grown in leaps and bounds during the coronavirus-inhibiting nationwide lockdown. Schools are using it to conduct virtual classes while offices that cannot afford to stay idle are connecting with their staff via Zoom. It is quite popular even for platforms that suffice as online news and views mediums, as it offers a 40 min window free for all users, charging them only for conferencing for longer durations. These small-time media houses are conducting television-like chat shows using Zoom.
“Zoom is not a safe platform even for the usage of individuals a detailed advisory has already been issued by CERT-India,” the Ministry of Home Affairs (MHA) said in a fresh advisory.
The country’s nodal cyber security agency Computer Emergency Response Team of India (CERT) had earlier warned the government of the data security hazard the app exposes users to.
The government advised users today to prevent unauthorised entry in the conference room and even malicious activity by authorised participants on terminals of the other participants. This would, the advisory said, avoid a DOS attack as users would be restricted through passwords and grant of access.
“Most of the settings can be done by login into users zoom account at the website, or installed application at PC/Laptop/Phone and also during the conduct of the conference. However, certain settings are possible through certain mode/channel only,” the guidelines from the MHA read.
An MHA officer said, “The Zoom app has issues relating to privacy and as well as security.” The servers of Zoom, like those of TikTok, are mostly located in China, he said. The government has found that the application has obvious weaknesses.
Zoom indulges in dubious practices the MHA warned. “Our technical analysis shows how this very popular video conferencing app encrypts meeting data,” said another officer.
“Leading business houses and governments and others who need confidentiality should not be using this software,” an officer in the cyber unit said.
CERT had warned the government after reports of instances of leaked passwords and hackers hijacking video calls midway through conferences surfaced.
Google has already prohibited the Zoom app from the computers of all its employees due to security vulnerabilities. Singapore has banned the use of Zoom by teachers after some hackers posted obscene images on screens during virtual classroom sessions. Germany, Singapore and Taiwan have, in fact, banned the app.
Last week, intelligence agency Australian Signals Directorate (ASD) warned users to stay away from insecure video conferencing applications like Zoom.
It’s only New Zealand’s Government Communications Security Bureau that has okayed the use of Zoom for public servants up to the “restricted” information classification level, but not for the stricter “secret” and “top secret” levels.