Zoom rolls out new measures to tackle security breach as MHA warns against its use

A day after  Ministry of Home Affairs (MHA) issued an advisory saying video-conferencing application Zoom "is t a secure platform" for private individuals and advised against use, Zoom is rolling out a number of measures in view of  security breaching. Zoom has faced flak worldwide for data hacking amid coronavirus pandemic.

On Friday, chief executive of platform Eric Yuan laid out steps that company is taking against problems such as data hacking and harassment by individuals who crash sessions in what is referred to as "Zoombombing." By week's end, paid account holders will be able to select which regions ir data is routed through during ir sessions in a move apparently aimed at concerns over information passing through China where it might be subject to soping, said Yuan.

Silicon Valley startup also said that it is working with cyber-security firm Luta Security to overhaul processes and its "bug bounty" program that pays rewards to researchers who find security flaws in its operations. Zoom also addressed a recent report that users' log-in information was being sold by criminals on "dark web." Zoom's advisor Alex Stamos, former chief of security at Facebook said that credentials were likely stolen elsewhere on internet, or by malicious code slipped into people's computers. He added that it is t uncommon for hackers to take passwords and account names pilfered in data breaches and n check wher people use m for or online services.

READ | MHA says Zoom 't a secure platform'; issues advisory on us

"As a reminder, meeting servers in China have always been geofenced with goal of ensuring that meeting data of users outside of China stays outside of China," Zoom said in an online post.

Zoom said it is building systems to "detect wher people are trying out username and password pairings and block m from trying again." Improvements to Zoom security also include a toolbar to easily access features such as locking chats from strangers and making meeting password requirements a default setting. "To successfully scale a video-heavy platform to such a size with appreciable downtime and in of weeks is literally unprecedented in history of internet," Mr Stamos said in a post. " related security challenges are fascinating."

Apart from India, Singapore suspended use Zoom by teachers, and  New York school system banned videoconferencing platform based on security concerns.

MHA Says Zoom 't A Secure Platform'

Amid concerns over security flaws and privacy breach of users, Ministry of Home Affairs has issued an advisory saying video-conferencing application Zoom "is t a secure platform" for private individuals and advised against use by government offices/staff for official purposes. popularity of video conferencing platform skyrocketed after lockdowns and stay-at-home orders owing to COVID-19 pandemic which laid bare security flaws of application.

READ | Video Calling App Zoom Sued By Its Shareholder For Hiding Security Flaws

MHA gave  following guidelines to be followed in app's settings:

• Create a new user ID and password for each meeting
• Create a waiting room in app so that a user will be able to enter meeting only when host gives him permission
• Disable Join feature before hosting
• Allowing Screen sharing by Host only
• Disabling "Allow removed participants to re-join"
• It is recommended to restrict or disable file transfer
• When all participants have joined, it has been advised to lock meeting
• Restrict  recording feature
• To end meeting (t just leave, if you are an administrator)

Hacked data for sale

A recent report on Zoom app has revealed that hackers of social platform are selling user data online on Dark web for ₹23 lakhs. exploits that are being sold include webcam data, microphone and all incorporated data in between. such as passwords, emails and device information. vulnerabilities of video app have led to this major privacy issue for its users.  San Jose, California based company has come under intense scrutiny from authorities in United States, Germany and Singapore over security concerns. 

READ | German Foreign Ministry Restricts Use Of Zoom App Amid Reports Of Security Flaws

Zoombombing

Zoom is also charged for 'Zoombombing' its users where random people joined a video conference.  social platform is also being blamed for selling its user data to Facebook without users’ consent. users have also reported that video app has an unpatched bug that lets hackers steal Windows user data and passwords.

Reports of “Zoombombing” flooded internet where users complained about interruptions by uninvited guests and posting hateful messs during online sessions. On April 1, Zoom CEO Eric Yuan apologised to its users saying company fell short of clearly conveying encryption practices and incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption.

READ | Singapore Stops Zoom For Online Education As Hackers Strike

(inputs from ncies)