Cyber Co-ordination Center of the Ministry of Home Affairs issued an advisory in line with the use of the zoom video conferencing app which is gaining popularity globally amid the coronavirus lockdown.
The center also issued a set of guidelines for ensuring its safe usage by private individuals.
Earlier, Indian Computer Emergency Response Team (CERT-In) issued two advisories- on February 6 and in March, as an alert on the use of Zoom for office meetings.
The advisory came after several data leaks and other privacy issues allegations were imposed on the video conferencing platform.
Zoom app, a U.S. based video communication platform observed a mounting rise in its usage across the world as a result of work from home models adopted by institutions during the coronavirus lockdown.
The software used by the video conferencing app Zoom is said to be made in China and also that some calls were being routed through servers in China.
Zoom facing criticism: Citizen Lab findings
Citizen Lab, University of Toronto, in their research, found “significant weakness” in Zoom’s encryption that protects meetings done using the teleconference app.
Several potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China were also identified.
According to the Citizen Lab, when Zoom was a Silicon Valley-based company, it appeared to own three companies in China through which at least 700 employees were paid to develop Zoom’s software.
On which the report stated, “This arrangement is ostensibly an effort at labour arbitrage:
Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.”
Zoom founder and CEO Eric S Yuan in a blog dated April 1 said that the usage of Zoom mounted overnight, which includes over 90,000 schools across 20 countries.
At the end of December 2019, the maximum number of daily meeting participants were approx. 10 million, which grew to 200+ million daily in March 2020. Going by the words of CEO Yuan, “However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations.
For that, I am deeply sorry, and I want to share what we are doing about it,”
Zoom’s CEO accepted few errors and pledged to address two primary topics highlighted by Citizen Lab- meeting encryption and geo-fencing.
As per the latest company blog, dated April 15, after the second weekly session of a webinar wherein Mr Yuan gives updates on Zoom’s ongoing privacy and security efforts, Zoom has worked on its privacy and security attributes by incorporating additional features including a new security icon in the meeting controls, changing Zoom’s default settings and also enhancing meeting password complexity and others.
Also, the account admins will have the ability to choose whether or not their data is routed through specific data center regions.
CERT-In on Zoom
“Zoom is a popular video conferencing platform. Insecure usage of the platform may allow cybercriminals to access sensitive information such as meeting details and conversations.”
Another note issued by CERT-In stated that multiple vulnerabilities had been reported in the videoconferencing platform “which could allow an attacker to gain elevated privileges or obtain sensitive information.”
MHA issues Advisory on Secure use of ZOOM Meeting Platform
The Cyber Coordination Centre (CyCord), under the Union Ministry of Home Affairs (MHA), has issued an advisory on secure use of ZOOM Meeting Platform by private individuals.
This advisory states that the platform is not for use by Government officers/officials for official purposes.
The document makes reference to earlier advisories of the Indian Computer Emergency Response Team(Cert-In) and states that Zoom is not a safe platform.
The guidelines have been issued to safeguard private individuals who would still like to use the platform for private purposes.
The broad objective of this advisory is to prevent any unauthorized entry into a Zoom Conference Room and prevent the unauthorized participant to carry out malicious attacks on the terminals of other users in the conference.
The details of protective measures to be taken by individuals may be accessed in the document attached at this link.
Government of India’s Ministries on Zoom Videoconferencing app
Several ministries have been using the zoom app for their video conferencing (official meetings). These include;
- Union Health Ministry
- Ministries of Civil Aviation, Road Transport and Small and Medium Industries
- Sports Minister Kiran Rijiju (Interaction with sports coaches on Zoom)
- Tribal Affairs minister Arjun Munda
- Defence Minister Rajnath Singh
- BJP chief J.P Nadda
- Ministry of External Affairs (MEA) used the platform for video interaction with around 60 journalists, which was conducted after MHA issued advisory