Privacy and Data Protection: What Lies Ahead for Zoom?
Zoom, a video conferencing app, has seen a steep rise in use since the outbreak of coronavirus and has become a work-from-home staple. With about 200 million people active every day in March to stay connected during quarantine, the app had become the most famous tool for handling academic and work-related information. However, trouble for Zoom users soon started stacking up because of security loopholes, especially in the US, Taiwan, Germany and India. Pointing out Zoom’s vulnerability, the Cyber Coordination Centre, Ministry of Home Affairs, Government of India, issued a 16-page advisory in April, warning all Zoom users about the susceptibility of the app.
Privacy and Security Challenges
The best-known issue with Zoom has been Zoom-bombing, where uninvited users display inappropriate content after hacking the meeting room code. Many users reported pornography and the Swastika symbol being shown on the Zoom shared screen through different user accounts, which made it difficult for the host to block the content. A report by The Intercept in early April examined Zoom’s claim that its meetings use end-to-end encryption, showing that the app instead relies on TLS transport encryption, which makes it possible for parties other than the meeting participants to access the data. Without end-to-end encryption, Zoom technicians can access the data, invading the privacy of private meetings. The doubt arises because Zoom, unlike many other companies such as Google, Facebook and Microsoft, does not publish a transparency report on the requests it receives from governments for users’ data. Access Now, a global civil society organisation, issued an open letter to Zoom, asking it to publish a transparency report for a better understanding of how users’ data is protected.
Hence, they suggested the use of alternatives like Microsoft Teams, FaceTime, Skype, GoToMeeting, etc.
A complaint has been filed against Zoom Video Communications Inc. in San Francisco Federal Court, accusing the company of concealing the truth about shortcomings in the security of its software, including the disclosure of users’ private data to a third party, i.e., Facebook. Cyber security intelligence firm Cyble informed Bleeping Computer that hacked Zoom accounts were being sold on the dark web for less than a penny each, while some were being given away for free on hacker forums for Zoom-bombing and other malicious activities.
The account information includes users’ email IDs, passwords, personal meeting URLs and HostKeys. Intelligencer also informed Zoom users about issues with the installation of the Zoom app on macOS that invade users’ privacy by gaining root access to their computers, including the ability to access the microphone and turn on the web camera.
Measures Taken by Zoom
Zoom Founder and CEO Eric S Yuan admitted the company’s fault in an interview and said, “Our service was built to serve big and large enterprise customers. However, during this COVID-19 crisis, we moved too fast… Our intentions to serve customers are good. However, there have been some missteps.” With Zoom at the centre of a privacy storm, he also announced a feature freeze for 90 days, during which the company’s engineering resources will focus on privacy and security issues.
Zoom has increased its password complexity: basic users can now configure a minimum meeting password requirement that uses alphanumeric passwords instead of numeric passwords.
On 1 April, Zoom published a blog apologising for the encryption confusion and announced Zoom 5.0, an updated version that provides better security by upgrading to AES 256-bit GCM encryption, to provide the maximum amount of privacy while supporting the diverse needs of clients. Zoom has not yet satisfied its previous claims to provide users with end-to-end encryption, though it is now moving in the right direction. The company is gradually addressing all security issues, and from 9 May, Zoom hopes to eliminate all security issues with the help of basic features, allowing the app to be a trustworthy one and giving users a free and safe account.
In today’s world, data theft can be termed a heinous crime from a human rights perspective. It can also be a great threat to the national security of a country. Considering this, the Indian Government said the Zoom app is not safe, issued new guidelines for all Zoom users after receiving various complaints, and banned the use of Zoom by all government officials for official purposes. It further suggested security configurations such as setting a new ID and changing passwords regularly to avoid DoS attacks, along with updating the software whenever a new update comes out.