What’s wrong with popular zoom web conferencing platform?

Chennai: People who were depending on Zoom meeting platform for work and other purposes during the ongoing coronavirus lockdown were in for a shock, when the government said the web conference solutions provider is not safe and it is not to be used for official purposes.

The warning, earlier issued by Computer Emergency Response Team (Cert-In), was reiterated by the Cyber Coordination Centre (CyCord) of the Home Ministry in an advisory.

“This advisory states that the platform is not for use by government officers/officials for official purposes,” a statement from the Ministry said.

Zoom became a popular application for executives conducting meetings while working from home during the countrywide lockdown announced by the central government to contain coronavirus pandemic in the country.

“The document makes reference to earlier advisories of the Indian Computer Emergency Response Team (Cert-In) and states that Zoom is not a safe platform. The guidelines have been issued to safeguard private individuals who would still like to use the platform for private purposes,” the Ministry said.

It said the advisory has been issued to prevent any unauthorised entry into a Zoom conference room and to prevent unauthorized participants to carry out malicious attacks on the terminals of other users in the conference.
The Computer Emergency Response Team of India (CERT-In) is the federal agency to combat cyber attacks to guard the Indian cyber space.

In an order issued earlier on 30 March, CERT-IN said the application was vulnerable to cyber attacks, including leakage of sensitive information.

“Many organisations have allowed their staff to work from home to stop the spread of coronavirus disease. Online communication platforms such as Zoom, Microsoft Teams and Teams for Education, Slack, Cisco WebEx etc are being used for remote meetings and webinars,” the advisory said.

“Insecure usage of the platform may allow cyber criminals to access sensitive information such as meeting details and conversations,” it added.

In case of Zoom, a Motherboard analysis revealed that its iOS app sends data to social networking website Facebook even if a user doesn’t have an account on it. In fact, a user has filed a suit against the company, alleging that the app “collects information of its users and discloses, without adequate notice or authorisation, this personal information to third parties, including Facebook, invading the privacy of millions of users”.

Meanwhile, a Zoom spokesperson said, “Zoom takes user security extremely seriously. A large number of global institutions ranging from the world’s largest financial services companies and telecommunications providers, to non-governmental organisations and government agencies, have done exhaustive security reviews of our user, network and datacenter layers and continue to use Zoom for most or all of their unified communications needs.”

 

NT Bureau