Zoom has recently been the subject of reports about privacy problems in video conferencing. In addition to flagging security issues with the program, the Ministry of Home Affairs (MHA) said that the software was not a secure platform.
In issuing an advisory, the MHA has asked individuals who use the software to follow certain guidelines in order to secure meetings from hackers by enabling/disabling settings.
The aim of the guidelines was to: prohibit unauthorized intrusion into the meeting room; deter unauthorized participants from carrying out disruptive attacks on the terminals of other individuals in the meeting; and, by restricting users through passwords and access grants, avoid DoS (denial of service).
The advisory also states that certain configurations can be made by signing into the user's Zoom account on the website or on a PC/laptop/phone, as well as during the session. Many configurations are therefore only available through a specific device.
The protection configurations enumerated are:
- Setting new user ID and password for each meeting
- Enabling the waiting room, so that each user can enter only when the meeting host admits them
- Disabling joining before the host
- Allowing screen sharing by host only
- Disabling “Enable excluded participants to rejoin”
- Restricting/disabling file transfer option (if not required)
- Locking the meeting once all participants have entered
- Restricting file sharing option
- Ending the meeting (and not just leaving, if you are the administrator)
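
An administrator can check scheduled meetings against this checklist automatically. The following is an added example, not part of the advisory or of Zoom's software: the setting names are hypothetical (they are not Zoom's API schema) and the meeting data is constructed. Locking and ending a meeting are actions taken during the session, so they are not covered.

```python
from collections import Counter

# Hypothetical setting names (not Zoom's API schema): required value and
# the checklist item each one implements.
REQUIRED = {
    "waiting_room": (True, "waiting room enabled"),
    "join_before_host": (False, "join before host disabled"),
    "screen_share": ("host_only", "screen sharing by host only"),
    "removed_can_rejoin": (False, "rejoin after removal disabled"),
    "file_transfer": (False, "file transfer disabled"),
}

def audit(meetings):
    """Return {meeting name: [failed checklist items]}."""
    ids = Counter(m.get("meeting_id") for m in meetings)
    pws = Counter(m["password"] for m in meetings if m.get("password"))
    report = {}
    for m in meetings:
        # A missing key counts as a failure, so the audit fails closed.
        failed = [f"expected {item}, found {m.get(key)!r}"
                  for key, (want, item) in REQUIRED.items()
                  if m.get(key) != want]
        if not m.get("password"):
            failed.append("no meeting password set")
        elif pws[m["password"]] > 1:
            failed.append("password reused across meetings")
        if ids[m.get("meeting_id")] > 1:
            failed.append("meeting ID reused across meetings")
        report[m["name"]] = failed
    return report

# Constructed sample export: one compliant meeting and two that are not.
GOOD = {"waiting_room": True, "join_before_host": False,
        "screen_share": "host_only", "removed_can_rejoin": False,
        "file_transfer": False}
SAMPLE = [
    {**GOOD, "name": "standup", "meeting_id": "111", "password": "k9!vTq2x"},
    {"name": "budget", "meeting_id": "222", "password": "zoom123",
     "waiting_room": False, "join_before_host": True, "screen_share": "all",
     "removed_can_rejoin": True, "file_transfer": True},
    # file_transfer is absent here, and ID and password repeat "budget".
    {**{k: v for k, v in GOOD.items() if k != "file_transfer"},
     "name": "review", "meeting_id": "222", "password": "zoom123"},
]

if __name__ == "__main__":
    for name, failed in audit(SAMPLE).items():
        print(name, "-", "compliant" if not failed else "; ".join(failed))
```
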
This follows the advice given earlier by CERT-In, India’s national cyber security agency, outlining security measures for both the operator and the users of the video conferencing app.
India’s Computer Emergency Response Team (CERT-In) said that unregulated use of the digital application may leave it vulnerable to cyber attacks, including leakage of confidential office information to cyber criminals.
“Many organisations have allowed their workers to work from home to avoid the spread of coronavirus disease (COVID-19). Electronic communication platforms such as Zoom, Microsoft Teams and Teams for Education, Slack, Cisco WebEx etc. are used for remote meetings and webinars. Insecure use of the platform (Zoom) can allow cyber criminals to access sensitive information, such as meeting details and conversations,” the advisory stated.
The agency had suggested several steps to enhance the security of Zoom meetings, including keeping the Zoom software patched and up to date, and always setting strong, hard-to-guess and unique passwords for all meetings and webinars.
“It is recommended particularly for any meetings where confidential information can be addressed,” it said.
In the video below, the FBI issues a warning about Zoom, telling users that they could be victims of hacking that could come with pornographic or hateful messages.
(Source: YouTube youtube.com/watch?v=9OlZ_vwEHXA)
Zoom launches new initiatives in the face of rising security concerns
Zoom replied to reports that its video conferencing platform is not stable, saying that it has implemented multiple security measures to resolve the concerns of users.
The company's CEO, Eric Yuan, had already promised in a blog post a few days ago that the company had set itself a month to fix all of the bugs in its app. Yuan has now once more shared information online about the different measures being taken and introduced.
As per its update, by this weekend (April 18/19) the app will give users the option of choosing which regions their data is routed through. This is perhaps because many Zoom users expressed concern that the company’s servers were in China, and that any data passing through that country may be subject to snooping by the Chinese government. Zoom claims the servers based in China are either ring-fenced or defenced, so there will be no hosting of user meeting data from outside China. This choice is now being placed in the hands of paying subscribers before the meeting commences.
The CEO had said in his previous post that the company has an ongoing bug bounty program, under which anyone who finds security vulnerabilities in the app is compensated. He also said that the company has hired a cyber-security firm to revamp this bug bounty scheme.
Reports have emerged that login details of Zoom users are being sold on the dark web. In response, a representative of the company has said the credentials can be stolen from users’ computers and not necessarily from the Zoom app.
The other frequent Zoom issue was ‘Zoom bombing.’ It is like photobombing: an unknown third party unexpectedly pops up in the conversation.
The company maintains that the sudden and unforeseen surge in use of the Zoom app, from 10 million to 200 million, due to the COVID-19 lockdown has placed it in such an enviable position, and that some of the technical problems now known are attributable to this sudden spike.
Only yesterday the Union Home Ministry instructed all government departments to be careful when using the video conferencing app. Zoom may also face legal challenges, as some US attorneys are considering filing a complaint against it for violations of confidentiality.