While we are socially distancing and self-isolating during the COVID-19 pandemic, there is one aspect of our lives which should be watched over with equal fervour: our data. That said, during lockdown, in an attempt to stay in touch with colleagues and our loved ones, we have turned to the comfort of large-group video-conferencing apps, which have seen surges in sign-ups.
But recent reports of lakhs of Zoom accounts being hacked and distributed across the Dark Web, and reports of malware being slipped into our devices through Houseparty are worrisome with users wondering how safe they are.
Security architecture
Gautam Kumawat, a cybercrime investigator and hacker, speaks about Zoom and Houseparty’s security architecture. Gautam explains that he hosts regular webinars about cybersecurity via Zoom, and that he has used Zoom for more than five years. Zoom can have up to 100 participants, regardless of whether it is a free or paid plan, and 500, if there is a Large Meeting add-on.
“I have seen Zoom come a long way in its development,” says Sameer, “That said, many people are still using the same passwords across different platform sign-ups, which is not advisable. How do we know this? When the Zoom leak happened, the hackers got a hold of credentials which they discovered comprised the same passwords as the users’ personal Gmail, net-banking portals and so on. Please, use a different and difficult-to-guess password. And please use a password to lock your meetings as soon as everyone invited has joined, even if it is a personal hangout.”
- Already trending: Skype, Google Hangouts, Zoom, Houseparty, Cisco Jabber, Cisco Webex, GoToMeeting, Microsoft Teams
- Telegram is currently testing a video-calling interface
- Facebook Messenger Rooms , a direct competitor to Zoom, is set to launch in certain countries, as announced in a Facebook livestream by CEO Mark Zuckerberg on April 24. The app lets up to 50 people ‘drop in’, as long as the meeting room is still unlocked.
On April 12, the Ministry of Home Affairs issued an advisory stating that Zoom is not a safe platform. Interestingly, ahead of the release of Zoom 5.0, Sameer Raje, India Head, Zoom Video Communications, shares that Zoom actually acted quickly on the breach and started implementing the new upgrades, which included: adding a security button at the front of the video-chat interface so that the host can lock the meetings to prevent unwanted and unknown members from joining said meetings, disabling the screen-share option for all members in a meeting except the host, and more.
Sameer adds, “We saw a whole new set of users as a result. We embarked on a journey to coach our users — young students, teachers, and individuals wanting to host a house-party; those who may not know how to use our platform securely or adhere to the best practices of being in the cyber-world. We want people to approach Zoom’s security as they would in a physical sense, in that you would never leave your home without locking up, so do the same for your meeting room on Zoom.” That said, on April 23, Zoom announced the release of Zoom 5.0, expected to roll out this week globally.
Encryption of meetings is one of Zoom’s USPs, says Sameer. Zoom 5.0 will also feature AES 256-bit GCM encryption which, “will raise the bar to secure our users’ data in transit,” says Oded Gal, CPO of Zoom, “On the front end, I am excited about the security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and centre for our meeting hosts.” Gautam says this level of encryption is secure and, teamed with best practices from users, their video-chat experiences should be safe.
Refuting reports
MetroPlus also reached out to Houseparty and Epic Games (of which the platform is a part) but there was no comment from either party. However, on April 2, the Houseparty website posted a statement from its CEO and co-founder Sima Sistani, “Houseparty is secure. There have been no data breaches and no exposure of customer data or third-party accounts. Immediately upon hearing these false reports, we assembled an internal team who worked alongside external experts to investigate. We determined these claims were not true. When you’re using Houseparty to have a face-to-face social connection with the ones you care about, you should not have to worry about the security of your data. We take this seriously and it’s a core part of our values. We aim to be best-in-class in this area.”
Houseparty co-founder Sima Sistani
Sima adds in the same statement, “While we’re on the topic of your data, we want to make a promise to you: Houseparty has not ever sold your data and will not ever sell your data. Ever. We’re going to update our Privacy Policy next week to make it much clearer on this and other topics.” According to market analysts at Sensor Tower, Houseparty downloads for March 2020 were at 17.2 million, and analysts at App Annie say this is an increase of 2902% from February 2020.
Software developer Simran Kaur in Delhi uses Houseparty often to keep in touch with her cousins around the globe.
She admits, “In the IT industry, I work with a lot of classified data and if an app I had loved using was enabling any breach, it would have had serious consequences for my career and my personal data. I use Houseparty because not a lot of other platforms have the perks of multi-caller, fun effects and few interface glitches. Plus, for work, we use Zoom and we’ve been taking seminars to make sure we use the platform appropriately.”
Hackers know too well how reliant we netizens are on technology to stay as humanly connected as possible. The question of ‘privacy versus party’, however, remains, and whether users feel comfortable using these platforms is still a proprietary choice despite the advisory.
Published - April 27, 2020 03:43 pm IST
