Security Concerns with popular video conferencing app ZOOM; CERT-India issues advisory on safety measures

Cyber chief, Lt. General Rajesh Pant, warns PM COVID-19 fund at risk of hackers.
14 May 2020

Security concerns with the popular video conferencing application Zoom came to light during a media briefing by television body BARC last Thursday.

The Broadcast Audience Research Council (BARC), which was hosting a virtual conference to inform people about TV and smartphone consumption trends amidst the lockdown, was forced to stop the briefing halfway due to the episode of “hacking”.

Lockdowns around the world due to the COVID-19 pandemic have forced service professionals to work from home and have made applications such as Zoom, Teams and Google the most popular way to host meetings. Since the beginning of this year, the security firm has seen approximately 1,700 new domains registered using the word “zoom” in one way or another, with 25% of these new registrations having occurred in the past few days.

Cyber-mafias are taking advantage of the increase in online meetings among professionals in the service industry and in online learning, with institutions from kindergarten to grade 12 and universities opting to continue teaching at a distance. This has resulted in the creation of fake domains imitating Google Classroom, replacing googleclassroom.com with googloclassroom.com, googieclassroom.com, etc.

The increased video conferencing activity due to COVID-19 has given cybercriminals the opportunity to use typosquatting and URL hijacking by imitating many of the top conferencing platforms.
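A defender can screen newly registered or newly observed domains for the two patterns described above: near-misses of a legitimate name and names that embed a brand keyword. The following Python sketch is an added example, not part of the original article; the sample list, the allowlist and the distance threshold of 2 are assumptions constructed for illustration.

```python
# Added example: flag lookalike domains in a constructed list of observed names.
WATCHED = ["googleclassroom.com"]              # legitimate name as written in the article
KEYWORDS = ["zoom"]                            # brand keyword the article says is abused
ALLOWED = {"googleclassroom.com", "zoom.us"}   # assumption: the defender's own allowlist

def edit_distance(a, b):
    """Levenshtein distance, computed with one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(domain, max_distance=2):
    """Return a reason string if the domain looks suspicious, else None."""
    d = domain.strip().lower().rstrip(".")     # normalise case and trailing dot
    if d in ALLOWED:
        return None
    for legit in WATCHED:
        dist = edit_distance(d, legit)
        if 0 < dist <= max_distance:
            return f"typosquat of {legit} (distance {dist})"
    for kw in KEYWORDS:
        if kw in d:
            return f"contains keyword '{kw}'"
    return None

def scan(domains):
    """Map each flagged domain to the reason it was flagged."""
    flagged = {}
    for name in domains:
        reason = classify(name)
        if reason:
            flagged[name] = reason
    return flagged

# Constructed sample: the two fake names quoted in the article plus invented entries.
SAMPLE = ["googloclassroom.com", "googieclassroom.com", "zoom-meeting-login.example",
          "zoom.us", "GoogleClassroom.com.", "example.org"]

if __name__ == "__main__":
    for name, reason in scan(SAMPLE).items():
        print(f"{name}: {reason}")
```

A keyword match on its own is a weak signal, so hits of that kind are better queued for review than blocked outright.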

The Computer Emergency Response Team of India (CERT-In) warned against the cyber vulnerability of the ‘Zoom’ application and issued an advisory outlining safety measures for operators and users.

“Insecure usage of the platform (Zoom) may allow cyber criminals to access sensitive information such as meeting details and conversations,” it said. The agency suggested a few steps to improve the security of Zoom meetings, including keeping the Zoom software patched and up to date and always setting strong, hard-to-guess and unique passwords for all meetings and webinars.

“This is particularly recommended for all meetings where sensitive information can be discussed,” it added.

Enable the ‘waiting room’ feature so that the call manager has better control over participants; all participants can join a virtual ‘waiting room’, but they must be approved by the call manager to be part of the meeting itself, the advisory said.

It asked platform operators to turn off the “join before host” feature, as it allows others to continue a meeting in the absence of an actual host. With this option enabled, the first person who joins the meeting automatically becomes the host and has full control of the meeting.

“Alternatively, a ‘scheduling privilege’ can be granted to a trusted participant to host the meeting in the absence of an actual host,” it added.

Some other counter-measures are as follows: If not necessary, restrict or disable file transfers, make sure that removed attendees cannot re-join the meetings, and if not required, limit the screen sharing to host only.

“Lock the meeting session after all of your participants have joined and limit the call recording function ‘allow recording’ to trusted participants only,” it added.
