The Cyber Coordination Centre (CyCord) under the Ministry of Home Affairs (MHA) have released a detailed advisory on use of the Zoom video-calling app. The advisory clarified that the Zoom platform should not be used by government officials for official purposes as it is not safe. India’s Cyber Emergency Response Team (CERT-In) had also issued multiple warnings previously on the use of Zoom app for video conferencing. The latest CyCord advisory by MHA have also issued guidelines for safe usage of Zoom by private individuals for unofficial purposes only. Here are eight reasons why the Zoom video-calling app is unsafe.
1- Cert-In states that insecure usage of Zoom may allow cyber criminals to access sensitive information
2- Zoom conferences can be hacked. Recently a meeting by BARC had to be stopped due to hacking
A Zoom virtual conference of the Broadcast Audience Research Council (BARC) had to be stopped midway because of a “hacking” episode where miscreants took control of chat windows on the app.
3- Even authorised Zoom meeting participants can carry out malicious activity, alerts CERT-In
Authorised Zoom meeting participants can carry out malicious activity on the terminals of others in the conference.
4- Uninvited people can join a meeting if Zoom app is not used carefully
5- The MHA advisory hints that Zoom can be used for Denial-of-Service (DoS) attacks
6- Confidential data may get leaked through recording feature if someone doesn’t know how to use Zoom securely
7- The Zoom app doesn’t offer end-to-end encryption
Zoom meetings aren’t end-to-end encrypted as claimed by the company. The security features of the Zoom app are similar to using the web over HTTPS. While the connection is secured the video calls can be decrypted by a third party.
8- The Zoom app was reportedly found to be leaking personal emails and photos
The Zoom app had an issue with its ‘Company Directory’ setting that may have leaked user emails and photos.