“Zoom is not a safe platform”, cautions MHA ; Zoom comes with an updated version claiming better security to its users.
- Zoom has emerged as a one-stop solution for video conferencing among users during the covid-19 lockdown globally
- With 100 participants in one video meeting, Zoom app appeals to all types of business conferencing
- Google was the first to suspend zoom over the vulnerability of the app
Technology: The Ministry of Home Affairs (MHA) has warned the Zoom app users that the video-conferencing application is not safe for usage. The app has become quite popular across the globe as more employees are now working from home during the lockdown period. Several other countries have also expressed concern about the security of the application. Germany, Singapore and Taiwan have already banned the application.
“Zoom is not a safe platform,” the Cyber Coordination Centre (CyCord) of Ministry of Home Affairs said in the new 16-page advisory.
This warning comes after the Computer Emergency Response Team of India (CERT-in), the nodal cyber security agency – had warned against the vulnerability of the app. The agency had pointed out that the app has significant flaws which can make users vulnerable to cyber attacks, including leakage of sensitive office information to criminals.
In the new advisory, MHA has asked users, who would still like to use Zoom, to follow certain guidelines for their safety– including preventing unauthorized entry in the conference room, preventing an unauthorized participant from carrying out malicious activity. A DOS (denial-of-service) attack is done by hackers to make a machine or network resource unavailable to its intended user.
The government has reissued new guidelines after many users have complained about instances of leaked passwords and hackers hijacking video calls midway through conferences.
Follow the MHA guidelines for safe usage:
- Create a new user ID and Password for each meeting.
- Create a waiting room in the app so that a user will be able to enter the meeting only when the host gives him permission.
- Disable Join feature before hosting.
- Allow Screen sharing by Host only.
- Disable “Allow removed participants to re-join”.
- Restrict or disable file transfer.
- Lock the meeting when all the participants have joined.
- Restrict the recording feature.
- End the meeting (not just leave, if you are an administrator).
Zoom has been in the middle of a privacy storm lately with private companies and governmental agencies asking their employees to refrain from using the app.
Now, Zoom spokesperson in response to MHA’s circulars has said “Zoom takes security of their users extremely seriously”.
“A large number of global institutions ranging from the world’s largest financial services companies and telecommunications providers, to Non-governmental organisations and government agencies, have done exhaustive security reviews of our user, network and data center layers and continue to use Zoom for most or all of their unified communications needs,” the spokesperson added.
Notably, this is not the first time that an Indian governmental agency has cautioned users against using the popular video conferencing app. Earlier this month, the Computer Emergency Response Team of India (Cert-In) issued an advisory regarding the app’s security issues.
Meanwhile, Zoom as a part of its 90-day feature freeze has updated its app adding a host of new features to the platform. As a part of the changes, the company has added the ability for the Zoom users to set minimum meeting password requirements. It is also introducing longer meeting ID and turning on password protection for all shared cloud recordings among other things.