The Department of Information Security has warned people not to use Zoom Cloud Meetings because of its security vulnerabilities.
The video conferencing app has been making headlines recently for security breaches, leakages of personal information and unauthorized entry for people to meetings and online lessons, now dubbed zoombombing.
The Vietnam Cyber Emergency Rescue Center (VNCERT) and the Department of Information Security under the Ministry of Information and Communication said the leaked contents from Zoom include emails, passwords and URLs of meetings with chat room passwords attached.
Since early 2020 many security issues have been discovered but not completely fixed by the company, a California-based publicly traded one.
One of them is a breach that allows hackers to see images from the meeting without a username or password, one that has not been patched yet. An error on Zoom version 4.6.8 can put users’ computers at risk of being hijacked remotely. There is another security hole that helps hackers gain unauthorized access to cameras and microphones of users.
The Department of Information Security said government agencies and organizations should not use Zoom for online meetings, and enterprises, organizations and individuals should also reconsider using the application.
With online learning and meeting software, users need to update to the latest version, download applications from their official websites, use complex passwords and do not share meeting room information widely, it said.
Zoom Cloud Meetings has been one of the most used remote meeting apps by companies and schools during social distancing to combat Covid-19.
On March 27 the Zoom app on iOS was discovered sending user data to Facebook, including detailed information about users’ devices, time zones, cities, networks, and advertising ID. A few days later Zoom removed this feature.
On April 1 tech website Motherboard discovered that Zoom revealed users’ email addresses and photos for strangers. The problem was related to the Company Directory feature, which automatically adds a group of people to a person’s contact list if they’ve registered with an email address with the same domain name.
A few days later another tech site, Bleeping Computer, warned that the Zoom Desktop Client software on Windows could be hacked to steal the password and calls on Zoom are not encrypted at all contrary to what the company claims.
The U.S.’s Federal Bureau of Investigation (FBI) has recorded a series of virtual classrooms and meeting rooms on Zoom, which were disrupted by hackers with offensive images and hate speech.
Last week the Singapore Ministry of Education banned the use of Zoom for online teaching after an anonymous man joined a classroom and harassed female students.
Many of Zoom’s other major customers, such as the U.S. military, the German government, Taiwan, Tesla, and SpaceX, have slapped similar restrictions.
Eric Yuan, co-founder and CEO of Zoom, publicly apologized for the recent information leakage scandal. He acknowledged that the company was growing too fast and did not notice security issues on the platform, and said it would stop developing new features for 90 days to focus on fixing bugs and adding safety settings.
In mid-March, Zoom surpassed Facebook and Tiktok on store charts to become the most downloaded application in Vietnam, as it has become a useful option for many schools and businesses in the country to maintain operations during the Covid-19 pandemic.