APSN Banner

Indonesia still using Zoom despite security flaws

Jakarta Post - April 28, 2020

Made Anthony Iswara, Jakarta – Private employee Juliana Ekaputri, 26, said she was surprised after seeing a video last Friday from her colleague showing how videoconferencing application Zoom had caused her colleague's computer to be hacked.

The video reminded her that about a week before, she received a notification saying that someone had tried to log in to her Yahoo account. Upon hearing her coworker's story, she suspected that it was because she had used Zoom several times to contact her friends during the ongoing COVID-19 pandemic. She immediately uninstalled the Zoom app on her phone.

"It is terrifying because most of my work data is on my phone as well as corporate email and mobile banking," Juliana said. "I'm scared because it leaves open the possibility of something similar happening with other applications as well."

Indonesia is becoming wary of teleconferencing platforms such as Zoom for their security holes, as such applications have become popular since the government told people to stay home to prevent further COVID-19 spread in the country.

Journalist Ismi Damayanti, 29, said she was worried when the app on her iPad started up automatically after receiving a notification that said "accessory may not be supported" despite being unplugged from any external devices.

"I underestimated the news [about Zoom's security problems] but after that incident, I never let Zoom be installed [for too long]," said Ismi, adding that she only installed the application for teleconferences and uninstalled it right after.

But such concerns have not only haunted individual users. The Defense Ministry, for instance, issued a circular on April 21 forbidding its staff to use Zoom over security concerns, after learning that Zoom had reported traffic duplication to servers in other countries, opening up the possibility for conversations via the platform to be monitored by a third party.

"We urge all working unit and sub-unit heads to refrain from using Zoom for teleconferences," the circular reads. "Defense Ministry employees are required to coordinate with the ministry's Data and Information Center before conducting a teleconference session."

However, numerous ministries and organizations are still turning to Zoom as the best available option to hold press conferences, as the country has yet to develop its own teleconferencing application.

The Supreme Court will also continue to use Zoom for its virtual trials, with spokesperson Abdullah saying that continuing trials was crucial because exceeding the court's 30-day detainment period would complicate legal processes.

"There are no other solutions for now except [Zoom]," he said, adding the court was currently seeking solutions to the security concerns.

The court, however, will not use the application to hold closed trials involving children and "decency cases", nor to authenticate evidence.

The Communications and Information Ministry was not available for comment. However, Communications and Information Minister Johnny G. Plate previously said that Zoom was safe for government officials to use, considering that the Cabinet Secretary office controls and manages Zoom meetings for limited Cabinet meetings, as quoted by kompas.com.

His ministry is also currently working with cellular operator Telkomsel to review and develop the latter's cloud-based telecommunications application CloudX as an alternative application for teleconferences. CloudX is currently only available for corporate usage.

Telkomsel corporate communications vice president Denny Abidin said last week that the firm would soon issue an official statement about the partnership.

Denny has earlier said that Telkomsel was waiting for further coordination with the ministry and planned to open up CloudX to the general public in the near future.

Communication and Information System Security Research Center (CISSReC) chairman Pratama Persadha recommends that the government use other safer alternatives for teleconferences, such as Google Meet, Cisco Webex or Microsoft Teams, while it develops its own application.

He also lauded the Defense Ministry's ban for being aware of the potential risks of using the Zoom application.

The problem with Zoom, he said, was that it lacked end-to-end encryption to prevent third parties from intercepting conferences. He also saw its chat features as a loophole for hackers to access the user's username and password, leading to the private data of thousands of users being sold online.

Responding to global concerns over its security, Zoom said it had enhanced its security features in its newest version, which upgrades encryption standards. It has also provided easier access for security controls for the hosts and default password settings for most users, among other features. The move is part of its 90-day plan to bolster privacy and security issues.

"I am proud to reach this step in our 90-day plan, but this is just the beginning," Zoom chief executive and founder Eric Yuan said last Wednesday. "We will earn our customers' trust and deliver them happiness with our unwavering focus on providing the most secure platform."

Aside from Zoom, WhatsApp has also been under the spotlight as hackers have reportedly hacked WhatsApp accounts. One independent researcher even faced incitement charges after a message calling for nationwide riots on April 30 was broadcast from his WhatsApp account, which he says was hacked.

But not everyone is worried about such hackers. Information technology company administrator Boban Mas Iqbal, 25, said he now felt confident using Zoom as the application now obliges virtual meeting participants to be authorized by the host before they can join a meeting.

"Actually, hackers are able to enter [virtual meetings] because the individuals are not being careful when they are surfing the internet. Hackers look for loopholes from such carelessness," Boban said.

Source: https://www.thejakartapost.com/news/2020/04/28/indonesia-still-using-zoom-despite-security-flaws.html