Zoom App May Be Vulnerable to Cyber Attacks: CERT-India
Zoom recently said that it caters to 200 million daily meeting participants up from 10 million in December 2019.
Zoom on Wednesday announced in a blog post that it reached more than 200 million daily meeting participants on its platform, up from 10 million in December 2019. This rapid surge in popularity of the app has come under serious scrutiny by various internet privacy groups, including the Indian Computer Emergency Response Team (CERT-IN).
Zoom is no stranger to privacy attacks. Recent cases of Zoom bombing, which the company has acknowledged in its blog, and a bug in the iOS app that sends user data to Facebook have mired the popular video-conferencing app in controversy.
CERT has further cautioned users against the cyber vulnerability of Zoom, saying that the unguarded usage of the digital application can be vulnerable to cyber attacks, including leakage of sensitive office information to cybercriminals.
"Insecure usage of the platform (Zoom) may allow cyber criminals to access sensitive information such as meeting details and conversations," it said in its advisory.
Zoom's founder and CEO Eric Yuan also mentioned that the company has fallen short of the community's privacy expectations, and apologised for it in the blog post released by Zoom.
"We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socialising from home," said Yuan.
What CERT-India Recommends
The agency recommended a few safety measures for users to enhance the security of their Zoom meetings.
- Keep the Zoom software patched and up-to-date
- Set strong, difficult-to-guess, and unique passwords for each meeting
- Enable 'waiting room' feature for better control over all participants
- Lock the meeting session once all your attendees have joined
Zoom Freezes Features to Focus on Privacy
To strengthen its privacy policies, Yuan announced that Zoom is enacting a 90-day feature freeze and will shift all its engineering resources to focus on privacy issues.
Yuan also announced a slew of measures that the company will undertake to better identify, address, and fix issues.
- Conducting a third-party review to ensure the security of all new consumer use cases
- Preparing transparency reports that details information related to requests for data, records, or content
- Starting a weekly webinar with Yuan talking to the community about privacy and security updates
“Transparency has always been a core part of our culture,” says Yuan. “I am committed to being open and honest with you about areas where we are strengthening our platform and areas where users can take steps of their own to best use and protect themselves on the platform.”
(With inputs from PTI)
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.