Use of Zoom app with security weaknesses cause of concern

By Anindya Banerjee

April 13, 2020(IANS) New Delhi: Defence Minister Rajnath Singh held a video conference with Chief of Defence Staff General Bipin Rawat and the chiefs of army, navy and air force on April 1. “The armed forces and the MoD are fully prepared to face any situation,” Singh tweeted.

Only issue was that Singh was using an app that has created the worldwide security scare due to its links to China.

Citizen Lab, a Canada-based independent research organisation, has found that Chinese servers are being used to distribute encryption and decryption keys for video links on Zoom. In all probability, the Chinese servers were used by Singh for the video conference with the security forces brass, leaving it vulnerable to breach.

It’s not just Singh, more Indian leaders are using this easy-to-use medium. In one such video conference with high-ranking officials, Commerce & Industry Minister Piyush Goyal can be spotted using the same platform – Zoom. It shows Goyal talking to officials, while using his MacBook Air.

On April 10, ICCR chief Vinay Sahasrabuddhe organised a virtual press conference with the Agriculture Minister where Narendra Tomar talked about how the government planned to minimise the loss for the sector. This too was organised through Zoom. In fact, a link for the same was also sent to participating journalists.

But why is Zoom problematic? “We suspect keys may be distributed through these (Chinese) servers. A company primarily catering to North American clients that sometimes distributes encryption keys through servers in China is potentially concerning, given that Zoom may be legally obligated to disclose these keys to authorities in China,” the Citizen Lab researchers warned.

The suspicion proved to be true. The chief executive of the video conferencing app apologised for “falling short” on security issues and promised to address concerns. Eric S Yuan, the founder, himself is a Chinese American.

“Ex-NSA (National Security Agency) hacker Patrick Wardle identified a series of issues, including a flaw that leaves Mac users vulnerable to having webcams and microphones hijacked,” the BBC reported.

In other words, Goyal’s MacBooks webcam and microphone could also be vulnerable, if this assertion of the former NSA hacker is true.

Meanwhile, Google has reportedly banned the Zoom app from all employees’ computers over ‘security vulnerabilities’ and Singapore has banned teachers using Zoom after hackers posted obscene images on screens.

Earlier this month, according to a report by Reuters, Elon Musk’s SpaceX had also banned employees from using Zoom over security concerns.

According to a report by social media platform Blind, 12 per cent users have reportedly stopped using Zoom and 35 per cent professionals are worried that their information may have been compromised.

Pawan Duggal, India’s foremost cyber security expert, calls Zoom a “glitzy timebomb”. “It looks nice, but it’s deadly,” he reasons.

But Indian leaders seem oblivious to these statistics. Not only the Bharatiya Janata Party (BJP), but the Congress also holds video conferences through Zoom, where likes of Congress chief Sonia Gandhi has taken part. She used it to address the Congress Working Committee (CWC) as well as a meeting of state party chief.

In fact, all the virtual pass conferences of the Congress that take place at 1 p.m. are through Zoom. Chief Ministers Captain Amarinder Singh and Bhupesh Baghel, and senior leaders, like Anand Sharma and Ghulam Nabi Azad, continue to use Zoom.

Ever since the government announced a 21-day nationwide shutdown, forcing not just companies but also political parties to work from home, the company has seen a huge boom in India. The daily downloads for Zoom have increased from around 1,70,000 in the middle of February to nearly 2.5 million in late March.

Duggal told IANS, “If you are a policymaker, public figure or corporate honcho, Zoom is not your go-to place. It’s proven Zoom is not end-to-end encrypted. Its China link is concerning. It has a dubious privacy record. Indian leaders should learn from Britain where cabinet meetings on Zoom came online.”

Though, government sources indicate the National Informatics Centre (NIC) has stepped in to suggest what app scan be used as mode of secure video conference.

However, the use of Zoom by the government, the security and the trade honchos as well as top politicians, that is conceded to be routed through China, should ring alarm bells across the corridor of power.