Zoom App by Zoom Video Communications is as off now the most used application to conduct online meetings for offices, schools and university classes and lectures. During the COVID-19 pandemic, it’s the most compelling option, and the reason is it’s free! Though, you can take a license and go for the premium and professional version also. There are multiple options available for US$15 and US$19.
Why Zoom? Reasons for Zoom’s popularity
- Coronavirus or Covid-19 has wholly altered the way businesses work. Country-wide lockdown is now a norm all around, not just in India but across the world. This has made a sustainable online channel of communication necessary for everyone.
- Zoom made the platform free for use.
It is a persuasive reason for the work from the home operators. There are many pros. Among a few worth mentioning here are:
- It’s free to use yet gets things done
- Easy to add and share links
- Is feature-packed, and
- It’s one of the easiest to use out there.
Zoom, at present, attracts approx thrice more users than Microsoft Teams.
Rise of Video Conferencing facilities
Many organisations are now needed to adapt to the situation, to survive, and come up with products befitting the situation. Companies like the TCS has now made a 75-25 plan, saying by 2025 they will expect only 25% of the staff working in the office and only 75% working through homes or other places. That will free the rentals and electricity and maintenance costs.
Other organisations also flocked to video conferencing solutions like Google Meet, Skype, Microsoft Teams, etc.
Working from home also means – fewer firewalls, less IT control and no more integrated or monitored workplaces. Therefore, they are also trying to change the ways less tech-savvy people use the internet. There are people using Zoom for hosting parties (cheers on the video), religious events (prayers or ceremonies), and even a UK cabinet meeting, increasing the number of users exponentially.
Ban on Zoom
The stock price of Zoom nearly dropped to 14.5% as of April 7, 2020, after security and privacy concerns bogged it down. Soon, New York City Department of Education, NASA, SpaceX, Google, among many other organisations, banned Zoom.
Here is a list of the bans imposed on Zoom App:
- US-FBI warned against its use after it received news of nuisance while using the platform from teachers in the US.
- Taiwan became the first country to ban Zoom and stated that if the platform is used, it will contravene the rules set out under its Cyber Security Management Act, 2019.
- Singapore has banned teachers using Zoom after hackers post obscene images on screens though later they had allowed usage with additional safeguards.
- On April 16, the Ministry of Home Affairs, India also issued an advisory, after the CERT-In flagged high-risk threats, stating that Zoom is not a safe platform and also laid down guidelines to ensure user safety.
Based on the problems highlighted, ZOOM CEO clarified:
“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socialising from home. …We now have a much broader set of users who are utilising our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate.” Eric Yuan, CEO, Zoom Video Communications Inc.
The clarification also created a negative image for Zoom creating issues where governments had to intervene and issue statements about its usage.
MHA-1 Rupee challenge to Zoom
The Ministry of Electronics and Information Technology recently announced an Innovation Challenge for the Development of a Video Conferencing Solution under the Make in India Initiative. Interested teams or companies will have to suggest their ideas, and then ten teams will be selected. Each team will receive a funding of Rs 5 Lakh to build the prototype.
Issues with Zoom
Zoom came under the lens for its ‘attendee tracking’ feature which, when enabled, lets a host check if the participants are clicking away from the main Zoom window during a call. On April 2, Zoom permanently removed the feature.
Fake end-to-end encryption
It does not use end to end encryption. As a result, the company can see and use the data for things like targeted ads. This issue can create lots of risks on data, and privacy goes for a toss.
Sale of personal data
Uninvited attendees can access Zoom meetings and may harass participants. There have been many cases where pornographic material was put in the calls by unwelcomed guests. There are checks on this. The host can lock the meeting once it starts and ensures no outsider interferes.
Sharing data with Facebook
Zoom’s iOS app, like many other apps using Facebook SDK, was found sending analytics data to Facebook even if the user does not have a linked Facebook account. This feature was recently removed.
Zero-day vulnerabilities are undetected vulnerabilities in any software. Since they are undetected, no defence is available against their exploitation.
Since these are through mails, it allows the hacker (once in) to access the mails also.
Deleted, but not deleted
If any person clicked on the record function of the application, zoom and the cloud storage provider do not password-protect the video by default. Even if one deletes the video from zoom account, it is not deleted for several hours before disappearing. This can be subject to misuse.
Zoom uses a technique to install its Mac app, without user interaction using the same tricks that are being used by macOS malware, thus allowing the app to be installed without users providing final content.
Zoom was found using an undisclosed data mining feature that automatically matched user’s names and email addresses to their LinkedIn profiles when they signed in – even if they were anonymous or using a pseudonym on their call.
MHA WARNS AGAINST USING ZOOM. SHOULD YOU USE IT?
If something’s for free, you are the price. Nothing is for free. No matter how much we blame Zoom for its security and privacy overlook, the buck stops with us. The first reason is that Zoom needs to survive as a company. So, how does it do that if we don’t pay? It uses our data to generate revenue through ads (or even sell the data), the data that it collects when we use its application.
The second reason is, are we ever concerned about security and privacy? We only take reactive measures, if and when something bad happens to us. But security is all about being proactive. Most of the issues can be resolved with tightened security rules from the application itself.
Nevertheless, since the application has recently been listed on the security watch, it is certain that many more vulnerabilities would arise in the coming days. It poses a great threat to you and your meeting partners. So, will you continue zooming?
If you must continue with Zoom, protect yourself first.
Many security issues can be mitigated by getting the basics right. Some mitigating strategies are:
- Lock settings: Always use the locks, whatever setting you may set, lock them. Otherwise, users can disable the setting in their personal settings.
- Disable file transfer: Make sure that the file transfer feature is disabled.
- Do not use the same means to send weblink and password: Try to use two platforms so that your protection is there. Use one means to send web link (email) and others to send the password (e.g. SMS just before meeting starts)
- Frequently Update: All new changes are done to ensure all new updates are better than old. Updates are the first line of defence to any attack. So, update as early as possible, as frequently as possible.
- Use the ‘waiting room option’: Set up meetings so that participants can’t join until you open it up.
- Take control over screen sharing: By default, any participant using Zoom can share their video, screen and audio. Limiting the screen sharing feature to the host would stop any Zoom bombing.
- From setting and controls, ensure removed participants are unable to rejoin meetings.
- Use random meeting IDs and set meeting passwords: Hackers are selling known meeting IDs, previously stolen ones and newly leaked ones, and attackers can use them. So, use random meeting IDs and set passwords.
- Pick proper passwords: New users are using passwords that have already been cracked elsewhere. The US cyber-security firm Cyble have detected over 5 lakh Zoom account credentials available for sale online on the Dark Web. According to a report on Business Standard, BleepingComputer spoke to Cyble, and the experts at the firm noticed the influx of Zoom accounts for sale on April 1. It purchased more than 5.3 lakh credentials at a bulk price of $0.002 per account. Some accounts are even shared for free, it said.
- Restrict/ disable the call record feature.
Hence, use Zoom with utmost care; otherwise, your privacy can be used or misused.