Coronavirus: defence axes Zoom over flaws

Defence personnel have been banned from using Zoom amid concerns hostile foreign actors could exploit security flaws in the system.

Ben PackhamFOREIGN AFFAIRS AND DEFENCE CORRESPONDENT

@bennpackham

less than 2 min read

8:00PMApril 05, 2020.

Updated 6:33AMApril 06, 2020

Zoom uer numbers soared to 200 million a day in March but the platform has been beset with security problems. Picture: AFP

Defence personnel have been banned from using the Zoom video conferencing platform, amid concerns hostile foreign actors could exploit security flaws in the dominant virtual meeting system.

Uniformed members and Defence bureaucrats received the edict in a special bulletin on maintaining information security when working offsite because of COVID-19 social distancing.

Zoom user numbers soared to 200 million a day in March, from 10 million a day in December, as the coronavirus crisis forced a global shift to working online, but the platform has been beset with security problems. In the latest, the company admitted it had “mistakenly” routed some user data through China.

Zoom has also been criticised for wrongly claiming the app had end-to-end encryption, allowing meeting hosts to track attendees and leaving Mac users vulnerable to having webcams and microphones hijacked.

Deakin University’s Elizabeth Buchanan, a lecturer at the Australian War College, said Australians had moved quickly to online platforms without sufficient due diligence of their potential to be used as “malware”. “Conducting strategic and sensitive discussions on these platforms might give state actors an opportunity to exploit our time of crisis … and capitalise on our strategic position or planning at a later stage,” Dr Buchanan said.

She said the “new normal” of online work should force a fresh look at the security of our critical infrastructure, including electricity and communications grids.

The Australian Cyber Security Centre issued advice to employers urging care when selecting meeting platforms, telling users to note where the service was based and whether it used strong encryption. It stopped short of singling out particular platforms.

Australian Strategic Policy Institute cyber security analyst Tom Uren said Defence was in a difficult position as it had always assumed personnel would be able to travel to secure facilities.

“The defence paradigm is ‘We have secure facilities and you will go to those secure facilities for anything we really need to talk about that is sensitive’,” he said.

“It needs as close to a 100 per cent guarantee (of security) as you can get, and anything commercial you are not going to get that unless you’ve done a whole lot of work.”

Zoom founder Eric Yuan has said the company had “fallen short of the community’s, and our, privacy and security expectations”.