The National Stock Exchange has advised companies to refrain from using online communication software Zoom to discuss and share classified/sensitive information.
“If it is absolutely necessary to discuss official meetings/discussions, then sufficient precautions needed to be taken to avoid leakage of personally identifiable information or other details of sensitive nature,” it said in a statement.
Many organisations are allowing their staff to work from home amid the lockdown. Online platforms such as Zoom, Microsoft Teams and Teams for Education, Slack and Cisco WebEx are being used for remote meetings and webinars.
“It is observed that some of these apps are not secure and are vulnerable to be exploited, thus revealing users’ identity, location or content of the discussion. Zoom is getting more popular... these days and it is noticed that a large number of people are using Zoom meeting for communication,” it added.
“All members are hereby notified and requested to undertake appropriate actions as applicable to their environment,” it further cautioned.
Video meeting platforms use a combination of Transmission Control Protocol and User Datagram Protocol for end-to-end (E2E) encryption. The encryption that Zoom uses to protect meetings is TLS (Transport Layer Security), which is different from E2E encryption. With TLS, the video and audio content stay private from anyone spying on Wi-Fi, but not from the Zoom company itself. Without E2E encryption, Zoom has the technical ability to spy on private video meetings, the statement said.