Daily Updates

Zoom- Not a Safe Platform: MHA

• 17 Apr 2020
• 5 min read

Why in News

Recently, the Ministry of Home Affairs (MHA) has issued an advisory that Zoom video conference is not a safe platform.

• The Indian Cyber Crime Coordination Centre (I4C) of the MHA issued a set of guidelines for the safe usage of Zoom by private individuals.

Key Points

• Zoom has seen an exponential rise in usage in India as office-goers remain at home due to the lockdown, imposed to curb the Covid-19 pandemic.
  
  • Over 90,000 schools across 20 countries have started using it regularly.
  • The maximum number of daily meeting participants of approximately 10 million at the end of December 2019 grew to more than 200 million daily meeting participants in March.
  • It has been used extensively by everyone including the central and state ministers for official purposes and conducting meetings.
• Zoom is a US-based video communication and videoconferencing platform.
  
  • This Silicon Valley-based company appears to own three companies in China through which at least 700 employees were paid to develop Zoom’s software.
  • This arrangement is apparently an effort at labor arbitrage in which Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin.
  • However, this arrangement may make Zoom responsive to pressure from Chinese authorities.
  • Reportedly, few calls made through the app are routed through servers in China.
• Earlier, the Computer Emergency Response Team, India (CERT-In) had also issued advisories cautioning on the use of Zoom for office meetings.
  
  • It warned that the insecure usage of the platform may allow cyber criminals to access sensitive information such as meeting details and conversations giving rise to cyber frauds.
  • It also highlighted multiple vulnerabilities which could allow an attacker to gain elevated privileges or obtain sensitive information.
• Citizen Lab, based at the University of Toronto, found significant weakness in Zoom’s encryption that protects meetings.
  
  • It identified the transmission of meeting encryption keys through China.
  • The lab has raised two primary concerns- geo-fencing and meeting encryption.
• Zoom Founder and CEO Eric S Yuan has apologised and assured the people that the privacy and security expectations would be taken care of.
  
  • Zoom has added additional features such as placing a new security icon in the meeting controls, changing Zoom’s default settings and enhancing meeting password complexity, among others.
  • It has also added that soon, account admins will have the ability to choose whether or not their data is routed through specific data center regions.
• Suggestions by the Ministry
  
  • The users are suggested to set strong passwords and enable “waiting room” features so that call managers could have better control over the participants.
  • Users should also avoid using personal meeting ID to host events and instead use randomly generated meeting IDs for each event.
  • People using the app should not share meeting links on public platforms.

Source: TH