The Ministry of Home Affairs on Thursday said the Zoom app is not a safe platform for video conferences as it is vulnerable to exploits by hackers.
The government issued a set of guidelines for the people who wish to use the Zoom app for private purposes.
Since the lockdown was imposed in the wake of the coronavirus outbreak in India, the Zoom app is being widely used for official and private purposes to remain connected with colleagues and friends.
“Zoom is a not a safe platform and advisory of cert-in on the same dated Feb 06, 2020, and March 30, 2020, may kindly be referred. These advisories are available on Cert-In website,” the MHA advisory said.
It listed a set of guidelines for the users who wish to continue the use of the app.
“Those private individuals who still would like to use Zoom for private purposes may kindly follow the following guidelines,” it said.
The video meet app has also become a treasure trove for both ethical and not-ethical hackers who have zeroed in on the video conferencing app to find privacy and security bugs and make money.
One hacker interviewed by Motherboard, who claims to have traded exploits found in Zoom on the black market, said Zoom flaws typically sell for between $5,000 to $30,000.
The vulnerabilities—everything from webcam or microphone security to sensitive data such as passwords, emails, or device information—are being sold on the Dark Web.
However, hackers said that Zoom flaws don’t sell for high figures compared to other exploits.
Zoom app has started facing criticism as reports of “Zoombombing” and other privacy issues started surfacing from different parts of the world.
Citing privacy and security concerns, Google has banned the video meeting app Zoom for its employees.
Zoom founder and CEO Eric Yuan has apologised for the privacy and security issues or Zoombombing being reported in his app.
Citizen Lab, a Canada-based independent research organisation, has found that Chinese servers are being used to distribute encryption and decryption keys for video links on Zoom, a news agency reported.
Earlier this month, according to a report by another news agency, Elon Musk’s SpaceX had also banned employees from using Zoom over security concerns.
According to a report by social media platform Blind, 12 per cent users have reportedly stopped using Zoom and 35 per cent professionals are worried that their information may have been compromised.
Pawan Duggal, India’s foremost cybersecurity expert, calls Zoom a “glitzy time bomb”. “It looks nice, but it’s deadly,” he reasons.
Experts from cybersecurity firm Kaspersky Lab said they investigated the threat landscape for social meeting applications to make sure users are safe and their communication experience is enjoyable.
“Subsequent analysis detected around 1300 files that have names similar to prominent applications like Zoom, Webex, and Slack. Social meeting applications currently provide easy ways for people to connect via video, audio or text when no other means of communication are available. However, cyber fraudsters do not hesitate to use this fact and try to distribute various cyber threats under the guise of popular apps,” Kaspersky said in a statement.
According to Rafi Kretchmer, head of product marketing at cybersecurity firm Check Point, cybercriminals will always seek to capitalise on the latest trends to try and boost the success rates of attacks, and the coronavirus pandemic has created a perfect storm of a global news event together with dramatic changes in working practices and the technologies used by organisations.
“This has meant a significant increase in the attack surface of many organisations, which is compromising their security postures. To ensure security and business continuity in this rapidly evolving situation, organisations need to protect themselves with a holistic, end-to-end security architecture,” Kretchmer said in a statement.