Zoom Can Be Hacked To Steal Critical Data, Warns Govt Agency; Zoom Becomes India’s #1 App
Since the nationwide lockdown has forced the employees to work from home, ‘Zoom’ has become a popular app for video conferencing. Hence it has topped the charts as the ‘most-downloaded’ Android app in India
The Computer Emergency Response Team of India (CERT-In), the national agency to fight the cyber-attacks and guarding cyberspace, said the unguarded usage of this application can be exposed to cyber-attacks, including leakage of sensitive office information to cybercriminals.
Read to find out more…
Zoom Becomes the Most Downloaded App in India!
Silicon Valley-based Startup, Zoom has climbed the charts and left behind many popular entertainment apps like WhatsApp, TikTok, and Instagram on Google Play Store in India. Zoom so far has over 50 million downloads on Play Store and the numbers are only going up.
The basic version of Zoom allows up to 50 participants to join a video conference call. The point of the app’s fame is that Zoom is the only app in the market currently that allows more than 10 people to join a call. This is the reason why it has become the most preferred app overnight for working professionals.
As Zoom gained popularity, WhatsApp slipped to the 5th position despite a surge in usage. The app with over 400 million users in the country has always remained in the top two.
With the majority of people working from home, Zoom became the go-to app as it specializes in remote working and video conferencing software. Zoom is one of the tech companies that has hugely benefited from the coronavirus pandemic so much so that Adweek called it the king of the quarantine economy.
Zoom recently became the epicentre of controversies after a tech website Motherboard reported that the iOS app shares user data with Facebook irrespective of whether a user has an account on Facebook or not. Founder Eric Yuan clarified in his blog that the protocols and processes for implementing features that share data with Facebook were being reviewed by the company. The app has also come up with an update to its iOS app to stop the private data being shared with Facebook.
Sensitive Information May Not Be Safe on ‘Zoom’!
The national cyber-security agency on April 2 issued an advisory warning the professionals and other users against the cyber vulnerability and outlining the safety measures.
The advisory stated, “Many organisations have allowed their staff to work from home to stop the spread of coronavirus disease (COVID-19). Online communication platforms such as Zoom, Microsoft Teams and Teams for Education, Slack, Cisco WebEx, etc. are being used for remote meetings and webinars.Insecure usage of the platform (Zoom) may allow cybercriminals to access sensitive information such as meeting details and conversations.”
CERT-In has suggested some measures for enhancing the security of Zoom meetings which includes keeping the Zoom software patched and up-to-date and always set strong, difficult-to-guess and unique passwords for all meetings and webinars. It said, “This is especially recommended for any meetings where sensitive information may be discussed.”
The advisory said, Enable ”waiting room” feature so that the call manager will have better control over participants; all participants can join a virtual ”waiting room”, but they will be approved by the call manager to be part of the actual meeting.
The agency has asked the operators of the platform to disable the ”join before host” feature as it lets others continue with a meeting in the absence of an actual host. This option enables the first person who joins the meeting to automatically become the host and have full control over the meeting.
The agency also said, “Alternatively, ‘scheduling privilege’ may be given to a trusted participant to host the meeting in the absence of an actual host.” Some other contradictory-measures included: If not required, restrict or disable file transfers, ensure removed participants are unable to re-join meetings and if not required, limit screen sharing to the host only.
In addition CERT-In also stated, “Lock the meeting session once all your attendees have joined and restrict the call record feature ”allow record” to trusted participants only.”