Several founders, co-founders, CXO bankers, CXO fintech professionals and others participated in the ePanel discussions:
- Mr. Ashish Deshpande, Regional Sales Manager, Oracle
- Mr. Sunil Gupta, Co-founder & CEO, QNu Labs
- Mr. Raghu Veer Dendukuri, Founder, Ideal Nation, and Solution Architect at Invincible Tech Systems Inc.
- Mr. Vikram Sareen, Co-Founder & Digital Transformation Architect, The Advisory Network
- Mr. Shirsha Ghosh, Co-Founder, Torit Innovations
- Mr. Mohammad Hassan, Project Manager, All-State Financial Service Pvt Ltd
- Mr. Vikas R Panditrao, Co-Founder, Forum of Industry and Academic Knowledge Sharing (FIAKS)
- Many other CEO/CXO bankers and fintech professionals on the FIAKS Forum who requested to remain anonymous

The pandemic put everyone into work-from-home mode, which led to a surge in the development and use of video conferencing applications for business meetings. The one that emerged as the best known and most widely used was Zoom.

The FIAKS community raised a question: is the Zoom video conferencing app secure?

In April, the Ministry of Home Affairs in India, for safety purposes, advised users who still preferred using Zoom to follow some guidelines. The advisory was on preventing unauthorized entry into the conference room and preventing an unauthorized participant from carrying out malicious activity. A further concern was a DoS (denial-of-service) attack, in which hackers make a machine or network resource unavailable to its intended users.

A community member said Zoom is an official app used by all local schools in Singapore. Kindly note it runs on Oracle technology and it’s super safe. This triggered discussions in the community, including on some technical points:
- Well, something that has a big name behind it doesn’t always mean that it is ‘Super Safe’. Have you seen how many times data breaches have happened at Amazon?
- Zoom stores all the encryption keys at the central servers and routes the encrypted traffic through China. That doesn’t make it safe, as all the encrypted traffic can be eavesdropped on. Security requires end-to-end encryption where encryption keys are only with the end-users.
- The key generation happens at Chinese servers for all users; once you have the keys there is no security. If the keys are available to decrypt data then it is as good as no security, and that is what Zoom does!
- Unless the code of the recently released major version is certified to be clear of security issues by a reputed code audit company, it’s difficult to trust a proprietary system, including Zoom or any other.
- A member mentioned, “I remember reading about a server building company recently in a news article that a rice grain-sized component is added to all motherboards manufactured for that company, and unfortunately since that company did not notice any such thing and sold the servers with such motherboards, to all major brands over 15+ years, I am not sure why QA Teams of that company and/or their client teams did not catch throughout the period.”
- While the above example is w.r.t. hardware, an application can be exploited:
  - with a bug in the programming language,
  - and a programming language can be exploited with a bug in the operating system,
  - and an operating system can be exploited with code loaded during booting and through the BIOS, etc.

Well, the Data Protection Authority can set this right.