Video conferencing app Zoom has been in the news lately over data privacy issues. Now, the Ministry of Home Affairs (MHA) has also flagged security concerns with the app and said that it is not a safe platform.
Issuing an advisory, the MHA has asked individuals using the app to follow certain guidelines by enabling / disabling settings in order to protect meetings from hackers.
MHA issues advisory, says Zoom not secure video conferencing platform for private individuals. Mentions guidelines for those who still want to use it. pic.twitter.com/b900JOw1Si
— Prasar Bharati News Services (@PBNS_India) April 16, 2020
It listed out that the objectives of the guidelines is to: prevent unauthorised entry in the conference room; prevent an unauthorised participant to carry out malicious attack on terminals of others in the conference; and avoid DoS (denial of service) attack by restricting users through passwords and access grant.
The advisory further explains that most of the settings can be done by logging into users’ Zoom account at website or on the installed application at PC/laptop/phone and also while the conference is going on. However, certain settings are possible through specific channel only.
Listing out the security configurations, it enumerates:
> Setting new user ID and password for each meeting
> Enabling waiting room so that every user can enter only when host conducting meeting admits him
> Disabling join before host
> Allowing screen sharing by host only
> Disabling “Allow removed participants to re-join”
> Restricting /disabling file transfer option (if not required)
> Locking meeting, once all attendees have joined
> Restricting the recording feature
> To end meeting (and not just leave, if you are administrator)
This follows the advisory issued by India’s national cyber security agency CERT-in earlier, outlining the safety measures for both the operator and the users of the video conferencing app.
The Computer Emergency Response Team of India (CERT-In), had said the unprotected usage of the digital application can be vulnerable to cyber attacks, including leakage of sensitive office information to cyber criminals.
"Many organisations have allowed their staff to work from home to stop the spread of coronavirus disease (COVID-19). Online communication platforms such as Zoom, Microsoft Teams and Teams for Education, Slack, Cisco WebEx etc are being used for remote meetings and webinars. Insecure usage of the platform (Zoom) may allow cyber criminals to access sensitive information such as meeting details and conversations," the advisory said.
The agency had recommended some measures for enhancing the security of Zoom meetings which included: Keeping the Zoom software patched and up-to-date and always set strong, difficult-to-guess and unique passwords for all meetings and webinars.
"This is especially recommended for any meetings where sensitive information may be discussed," it said.