” Zoom is a not a safe platform,” the Cyber Coordination Centre (CyCord) of ministry of home affairs said in a new 16-page advisory.
Kosha Doshi :-
Ministry of Home Affairs (MHA) has warned the Zoom app users that the video-conferencing application is not safe for usage. The video meeting app has become quite popular across the globe as more and more workers are now working from home during the lockdown period. Several other countries have also expressed concern about the security of the application. Germany, Singapore and Taiwan have already banned the application.
The govt’s warning comes after India’s nodal cyber security agency – Computer Emergency Response Team of India (CERT-in) – had cautioned against the vulnerability of the app. The agency had pointed out that the app has significant weaknesses which can make users vulnerable to cyber attacks, including leakage of sensitive office information to criminals.
Last week, Zoom CEO Eric Yuan hosted a live stream on YouTube to ensure the security of its users. The company also recently hired former Facebook security chief Alex Stamos as it faced backlash from major corporate clients including Google.
The latest advisory issued by the government’s Cyber Coordination Centre or CyCord is for private individuals, as officials pointed out that the NIC (national informatics centre) platform is being used for most government video-conferences.
The government officials have been asked not to use any third party app and services for holding meetings. CyCord portal was launched by Prime Minister Narendra Modi in December 2018 for sharing all cyber related matters amongst law enforcement agencies and government organizations and other stakeholders.
It asks private people who would like to use Zoom to follow certain guidelines – including preventing unauthorized entry in the conference room, preventing an unauthorized participant to carry out malicious activity on the terminals of others and avoiding DOS attack by restricting users through passwords and access grant. A DOS (denial-of-service) attack is done by hackers to make a machine or network resource unavailable to its intended user (s).
In the new advisory, MHA has asked users, who would still like to use Zoom,
to follow certain guidelines for safety purpose–
*Create a new user ID and password for each meeting.
* Create a waiting room in the app so that a user will be able to enter the meeting only when the host gives him permission
* Disable Join feature before hosting
* Allowing Screen sharing by Host only
*Disabling “Allow removed participants to re-join”
* It is recommended to restrict or disable file transfer
* When all participants have joined, it has been advised to lock the meeting.