There has been a saying by the Ministry of Home Affairs that the Zoom App is not a safe platform to use. Amidst this lockdown due to COVID-19, a disease spread by the coronavirus, people have been encouraging to use online means for communications, Zoom being at the top.
This advisory by MHA came into April 14 and was told on Thursday to all journalists.
The MHA’s cyber coordination center has released a guideline for the usage of the Zoom application. MHA added that this app is not meant for usage by the government and officers.
The advisory mentioned that CERT-In released two advisories, first in February and the second one in March, regarding the unsafety of using the Zoom app in offices.
On March 30, the Cert-In website said that Zoom is a popular platform to have video conferences. However, an insecure platform may allow cybercriminals to have access to sensitive pieces of information such as meeting details and conversations.
On April 2, CERT-In added that report of more than one variable has come in this video conferencing platform, which could allow an attacker to gain elevated privileges or obtain sensitive information.
Ministry has asked users to have strong passwords and to enable the “waiting-room” feature. Ministry also said not to use personal meeting IDs and to use randomly generated IDs. Sharing of links via this app over public platforms have not been encouraged.
Many ministries have been using this platform for holding video conferences. Ministry of External Affairs, despite the release of notifications, used the app for video-conference with sixty journalists, on Thursday. The Ministry of Union Health who is coordinating for the COVID-19 disease is also using this app. Though officials have said that they wi]ould discontinue the use of this app.
Citizen Lab, based at the University of Toronto, found “significant weakness” in encryption of Zoom that protects meetings that are done using the teleconference application. It also identified areas that are of concern in Zoom’s infrastructure, which includes observation of the transmission of meeting encryption keys through China.
The Citizen Lab said that while Zoom was a Silicon Valley-based company, it has been an owner of three companies in China through which at minimum 700 employees were paid for the development of Zoom’s software. The Citizen Lab noted that this situation is ostensibly an effort at labor arbitrage as Zoom can ignore paying US wages while selling to US customers, thus leading to an increase in their profit margin. But, on the other hand, this scenario may make Zoom responsive to pressure if any from Chinese authorities.
Eric Yuan, founder of the Zoom application has accepted its lapses and is working on it.