The Ministry of Home Affairs (MHA) on Thursday issued an advisory saying that video-conferencing application, Zoom “is not a secure platform” for private individuals and has advised government officers/officials not to use the app for any purpose.
Earlier, the Indian Computer Emergency Response Team (Cert-In) had issued similar advisories about exercising caution while using Zoom.
“Zoom is a not a safe platform and advisory of Cert-In on the same dated Feb 06, 2020, and March 30, 2020, may kindly be referred. These advisories are available on Cert-In website,” the MHA advisory said.
The MHA advisory comes after the CERT-in warning and is especially meant for private individuals and organisations.
MHA has also asked individuals using the app to adhere to certain guidelines, largely based on those issued by CERT-In to safeguard their Zoom account and personal data.
“Those private individuals who still would like to use Zoom for private purpose”, the MHA said, should enable some security settings and take some precautions.
The MHA advisory said that the objective of the guidelines was “to prevent unauthorised entry in the conference room, to prevent an authorised participant to carry out malicious act on the terminals of others in the conference and to avoid DOS attack by restricting users through passwords and access grant.”
“Most of the settings can be done by logging into users zoom account at website, or installed application at PC/Laptop/Phone and also during conduct of conference. However, certain settings are possible through certain mode/channel only. For example, lock meeting can be enabled by administrator only when the meeting has started,” the advisory added.
The advisory further gave detailed instructions on using the platform safely, including security configurations through website and app.
The advisory details the following steps to make Zoom meeting secure:
· Set a new user ID and password for each meeting.
· Enable the Waiting Room feature that will only allow users to enter when granted admission by the host.
· Disable the join before host option.
· Allow screen sharing by the host only.
· Disable “Allow removed participants to re-join” feature.
· Restrict or disable the file transfer option when it isn’t required.
· Lock meetings, once all participants have joined.
· Restrict the recording feature.
· End meeting, and not just leave, if you are the administrator.
Besides issuing an advisory, the federal government is also planning on developing a video conferencing app for India for which it is consulting IT specialists, start-ups and others to create such a platform.
“Few shortlisted designs and ideas will be funded by the government and the most effective apps will be encouraged for domestic use,” a senior official said.
In response to the MHA advisory, a Zoom spokesperson said: “Zoom takes user security extremely seriously. A large number of global institutions ranging from the world’s largest financial services companies and telecommunications providers, to non-governmental organisations and government agencies, have done exhaustive security reviews of our user, network and datacenter layers and continue to use Zoom for most or all of their unified communications needs.”
For those unaware, Zoom has seen a massive surge in its usage in corporate offices and schools worldwide after countries limited movement of people to control the global coronavirus (COVID-19) pandemic. However, the app has been receiving backlashes over its sloppy privacy and security protections.
The firm’s CEO Eric Yuan also acknowledged the concerns by saying: “[We] recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry.”
Zoom announced a 90-day feature freeze and dedicate its resources to identify, address and fix the existing security issues within the service. During this period, no new features would be rolled out until the current feature set is fixed.
Recently, Google too banned its employees from using the desktop app of Zoom citing “security vulnerabilities” within the video conferencing app.
Even Singapore has suspended the use of the video-conferencing app in schools after hackers hijacked home-based online classes and showed obscene images to students.