The Narendra Modi government on Thursday has issued an advisory stating that popular video conferencing app Zoom is "not safe".
The Narendra Modi government on Thursday has issued an advisory stating that popular video conferencing app Zoom is "not safe", which is used by tens of thousands of professionals who are working from home in the country due to the COVID-19 pandemic.
Recommended ArticlesView All
Here’s why 2022 has been a very different year for two of India’s biggest AC makers
IST5 Min(s) Read
The advisory, which was issued by the Cyber Coordination Centre (CyCord), under the union ministry of home affairs, states that the platform is not for use by government officers/officials for official purposes.
On April 3, the national cyber security agency had cautioned against the cyber vulnerability of Zoom, "Many organisations have allowed their staff to work from home to stop the spread of coronavirus disease (COVID-19). Online communication platforms such as Zoom, Microsoft Teams and Teams for Education, Slack, Cisco WebEx etc are being used for remote meetings and webinars."
"Insecure usage of the platform (Zoom) may allow cyber criminals to access sensitive information such as meeting details and conversations," it said.
The agency suggested some measures for enhancing the security of Zoom meetings which included: Keeping the Zoom software patched and up-to-date and always set strong, difficult-to-guess and unique passwords for all meetings and webinars. "This is especially recommended for any meetings where sensitive information may be discussed," it said.
Enable 'waiting room' feature so that the call manager will have a better control over participants; all participants can join a virtual 'waiting room', but they will be approved by call manager to be part of the actual meeting, the advisory said.
It asked the operators of the platform to disable the 'join before host' feature as that lets others to continue with a meeting in the absence of an actual host this option enables the first person who joins the meeting to automatically become the host and will have full control over the meeting.
"Alternatively, 'scheduling privilege' may be given to a trusted participant to host the meeting in the absence of an actual host," it said.
Some other counter-measures included: If not required, restrict or disable file transfers, ensure removed participants are unable to re-join meetings and if not required, limit screen sharing to the host only.
"Lock the meeting session once all your attendees have joined and restrict the call record feature 'allow record' to trusted participants only," it said.
First Published: IST