The government has warned its officials about the Zoom app, according to an advisory sent by the Cyber Coordination Centre (CyCord) of the Ministry of Home Affairs, as seen by Gadgets 360. The new move by the government comes days after the national cyber-security agency Computer Emergency Response Team of India (CERT-In) cautioned against the video conferencing app that gained huge popularity due to the coronavirus outbreak that has pushed people to start working from home. Many organisations including Google and Standard Chartered have also told their employees to refrain from the Zoom app.
In the advisory dated April 12, the CyCord has highlighted security concerns through the Zoom app that crossed the mark of 200 million daily users due to the coronavirus-focussed lockdowns worldwide. Re-stressing that Zoom should not be used by government offices/ officials for official purposes, CyCord adds it can still be used by individuals in their personal capacity. If they choose to do so, they should follow security best practices, which were highlighted earlier this month by CERT-In. The official document includes security configurations that are recommended for private individuals using the infamous app.
Some of the security configurations noted by the government includes the ways to hide personal meeting IDs and enabling the requirement for passwords. The advisory also provides settings to restrict third-party access to virtual meetings that is often called “Zoombombing” by the media.
Zoom responded to Gadgets 360 by saying it takes the matter seriously, but did not share any specific security measures it is implementing, or directly respond to the numerous allegations about its lack of security.
"Zoom takes user security extremely seriously. A large number of global institutions ranging from the world's largest financial services companies and telecommunications providers, to non-governmental organisations and government agencies, have done exhaustive security reviews of our user, network and datacenter layers and continue to use Zoom for most or all of their unified communications needs," the company said in a statement emailed to Gadgets 360.
As mentioned, earlier this month, CERT-In released a similar advisory and cautioned against the vulnerabilities of the Zoom app. “In secure usage of the platform (Zoom) may allow cybercriminals to access sensitive information such as meeting details and conversations,” the agency had said in its document.
In addition to the developments by the CyCord and CERT-In in India, the US Senate recently told its members to not use the Zoom app due to security concerns. The FBI is also investigating the app for various flaws after receiving multiple reports from users of being startled by pornographic content during virtual meetings.
One of the reasons behind the increase in privacy concerns for the Zoom app is its skyrocketing growth during the pandemic. The app was originally meant for enterprise customers, however, it gained popularity even in schools and among individuals since it allows them to connect together virtually. However, Zoom is trying hard to address the ongoing issues.
The San Jose, California-based company acknowledged some of the privacy issues emerged on the Zoom app earlier this month and freezed future updates to resolve existing privacy and security issues.
Last week, Zoom CEO Eric Yuan hosted a live stream on YouTube to ensure the security of its users. The company also recently hired former Facebook security chief Alex Stamos as it faced backlash from major corporate clients including Google.