“Zoom is a not a safe platform,” the Cyber Coordination Centre (CyCord) of ministry of home affairs said in a new 16-page advisory.
Ministry of Home Affairs (MHA) has warned the Zoom app users that the video-conferencing application is not safe for usage.
The video meeting app has become quite popular across the globe as more and more workers are now working from home during the lockdown period. Several other countries have also expressed concern about the security of the application. Germany, Singapore and Taiwan have already banned the application.
“Zoom is a not a safe platform,” the Cyber Coordination Centre (CyCord) of ministry of home affairs said in a new 16-page advisory.
The Ministry of Home Affairs issued an advisory on Thursday where it said that video conferencing app Zoom is not to used by Government officers/officials for official purposes and it is “not safe” for use by private individuals as well.
This directive comes after the Computer Emergency Response Team of India (CERT-in) – had raised concerns over potential cyberattacks through Zoom. In an order issued on March 30, CERT-IN said that using Zoom without taking necessary security precautions, can make it vulnerable to cyber-attacks, including leaks of sensitive office information to criminals.
The latest advisory by the Home Ministry states that the National Informatics Centre (NIC) platform is being used for most government video conferences. Keeping security concerns in mind, government officials have been asked not to use any third-party app and services for meetings.While the MHA cautioned private individuals about security concerns, it also issued certain guidelines for minimizing the risk while using the Zoom app.
The govt’s warning comes after India’s nodal cyber security agency – Computer Emergency Response Team of India (CERT-in) – had cautioned against the vulnerability of the app. The agency had pointed out that the app has significant weaknesses which can make users vulnerable to cyber attacks, including leakage of sensitive office information to criminals.
In the new advisory, MHA has asked users, who would still like to use Zoom, to follow certain guidelines for safety purpose– including preventing unauthorized entry in the conference room, preventing an unauthorized participant to carry out malicious activity. A DOS (denial-of-service) attack is done by hackers to make a machine or network resource unavailable to its intended user.
Zoom had shot to overnight fame as millions of people around the world used the app to study, work and socialize in the times of Covid-19 lockdown. But the spotlight has lead to widespread scrutiny of security and privacy issues of the platform.
The govt has reissued new guidelines after many users have complained about instances of leaked passwords and hackers hijacking video calls midway through conferences.
Here are the complete MHA guidelines for safe usage:
*Create a new user ID and password for each meeting
- Create a waiting room in the app so that a user will be able to enter the meeting only when the host gives him permission
- Disable Join feature before hosting
- Allowing Screen sharing by Host only
*Disabling “Allow removed participants to re-join” - It is recommended to restrict or disable file transfer
- When all participants have joined, it has been advised to lock the meeting
- Restrict the recording feature
- To end meeting (not just leave, if you are an administrator)