After the lockdown situation because of the COVID-19 outbreak in many countries, ‘Zoom’ a video calling app (cloud meeting) became popular and got millions of users in a short time. After being in trend the Zoom app was accused of flaws in its security.
In the lockdown situation when people are working from home, conducting meetings on Zoom and other third-party apps. At the same time, security is the main concern and the application doesn’t offer end-to-end encryption which also raises the question on the security of the app. The security features are similar to using the web over HTTPS. While the connection is secured the video calls can be decrypted by a third party.
Many Organisation has accused the app on its security and leaking personal emails and photos.
The ministry of home affairs has red-flagged the video conferencing facility calling it ‘unsafe‘ through its Cyber Coordination Center (CyCord) on 16 April. Previously on 30 March, the Indian’s Computer Emergency Response Team (CERT-IN) said the application was vulnerable to cyber attacks, including leakage of critical information.
The allegation of data leak also came from the Broadcast Audience Research Council (BARC) when a Zoom virtual conference had to be stopped midway because of a hacking episode, where hackers took control of chat windows on the app.
Noticing all the accusations from different organizations Government asks all ministers and staff to avoid conducting meetings on third-party apps such as Zoom.
Zoom Key Changes on Security
On its security flaws Zoom CEO, Eric Yuan hosted a webinar where he talks about some key changes on the app. The list of security features are here,
- New security icon.
- Changes to data center routing
- Meeting IDs and Cloud recordings
- Password protected cloud recordings
- Chat settings for desktop and more.
Earlier this month, the company hired Alex Stamos, a Facebook’s former chief security advisor. He cleared doubts about whether Zoom’s data were being made available for sale on the dark web. He said the credentials were stolen from elsewhere by people who have malware installed on their system.
Eric further mentioned, it has fixed issues related to missing data and delays on its dashboard. Moreover, the company also runs a bug bounty program, rewards users and security researchers for identifying bugs.