The Zoom video-conferencing app has been facing privacy risks amid the ongoing COVID-19 pandemic. There are several privacy and security concerns associated with the app that resulted in severe criticism and cyberthreats globally. Recently, Zoom came under the Indian government’s radar due to growing security concerns around it. The Cyber Coordination Centre (CyCord), under the Ministry of Home Affairs (MHA) in India, recently released a detailed advisory on the usage of the app.
The advisory asked government representatives to avoid using the Zoom platform for official purposes, citing it as unsafe. The advisory also listed certain guidelines for safe usage of Zoom by private entities and individuals for unofficial purposes. These include:
- Set new user ID and password for each meeting
- Enable the meeting room
- Disable join before host
- Allow screen sharing by host only
- Disable allow removed participants to re-join
- Restrict or disable file transfer option
- Lock meeting once all attendees have joined
- Restrict the recording feature
- End meeting (and not just leave, if you are the administrator)
In response to the Indian government’s advisory, Zoom authorities stated that the company is discussing potential ways to reinstate the confidence of Indian users on its platform. It also plans to bring the end-to-end encryption on the platform for video meetings, which is only applicable to the textual conversations so far.
The latest move comes after several companies warned about security issues from using Zoom. Recently, Germany and Taiwan have banned the use of Zoom in their nations. The New York City officials stated that schools in the City will no longer be allowed to use Zoom for online teaching. Also, the Australia’s Defense Force and its MPs are barred from using Zoom services.
Security Flaws in Zoom App
Security researchers claimed that the Zoom application is vulnerable to remote attacks. According to cybersecurity expert Mitch@_g0dmode, Zoom’s video conferencing software for Windows is vulnerable to “UNC path injection” flaw that could let hackers steal Windows passwords and execute arbitrary commands on their devices. Soon after the vulnerability was identified, the company fixed the issue by releasing a patch. The CEO of Zoom, Eric Yuan, addressed the security issues and stated that a patch has been released to fix the UNC vulnerability. The fix will be pushed out automatically to all the users.