Zoom not secure

India issues alert, MHA says Zoom not a safe platform

India’s Ministry of Home Affairs (MHA) has warned users that the videoconferencing app Zoom is not safe for use. The video conferencing tool of US-based company has been gaining popularity worldwide ever since the COVID-19 pandemic broke and become one of the most sought after collaboration tool during the lockdown in India.

According to the 16-page advisory issued by the Cyber Coordination Centre (CyCord) of the MHA on the secure use of Zoom by private individuals, the platform is not safe. Quoting the CyCord advisory, the MHA categorically stated that the platform “is not for use by government officers/officials for official purposes.”

Referring to the earlier advisories of the Indian Computer Emergency Response Team (CERT-IN), the CyCord document on ‘Secure use of Zoom meeting platform by private individuals’ stated, “It is a not a safe platform and advisory of CERT-IN on the same dated 6 February 2020 and 30 March 2020, may kindly be referred.”

The CERT-IN had in its 30 March 2020 advisory highlighted that Zoom’s videoconferencing application was vulnerable to cyber attacks, including data leak.

CyCord also provided guidelines on how users can prevent unauthorized users from entering the conference room carrying out malicious acts while using the tool. It also included a step-by-step guide for security configuration through the website and the mobile app.

“The broad objective of this advisory is to prevent any unauthorized entry into a Zoom Conference Room and prevent the unauthorized participant to carry out malicious attacks on the terminals of other users in the conference,” the ministry stated in a press release.

When contacted, Zoom Video Communications said that the company takes user security extremely seriously. “A large number of global institutions ranging from the world’s largest financial services companies and telecommunications providers to non-governmental organizations and government agencies, have done exhaustive security reviews of our user, network and datacenter layers and continue to use Zoom for most or all of their unified communications needs,” the spokesperson from Zoom India stated.

Earlier, several countries had expressed concern about the security vulnerabilities of the application, including Zoombombing or Zoom Raiding that makes it possible for uninvited participants to gain access and disrupt a meeting, and harass the participants. Concerned, Germany, Singapore, and Taiwan have already banned Zoom, while many companies including Google have stopped using its desktop versions.

Concerns have also been raised about the company routing some of the calls through its data centers in China even if they were outside the country raising further concerns of breach of privacy and snooping.

According to a recent Voice&Data survey, an overwhelming 54% of corporate respondents in India indicated that they were using Zoom as a tool to enable collaboration between remote workers, as well as for communicating and networking with clients since 25 March 2020, when the nationwide lockdown became effective in India.

Leave a Reply

Your email address will not be published. Required fields are marked *