‘Zoom app is not safe for private persons/entities’: MHA
The ministry of home affairs has issued an advisory stating that videoconferencing app Zoom is “not safe”.
The government’s missive comes after the national cyber-security agency – Computer Emergency Response Team of India (CERT-in) cautioned against the cyber vulnerability of the popular app, currently being used by tens of thousands of professionals working from home due to the Covid-19 pandemic.
The latest advisory issued by the government’s Cyber Coordination Centre or CyCord is for private individuals, as officials pointed out that the NIC (national informatics centre) platform is being used for most government video-conferences. The government officials have been asked not to use any third party app and services for holding meetings. CyCord portal was launched by Prime Minister Narendra Modi in December 2018 for sharing all cyber related matters amongst law enforcement agencies and government organizations and other stakeholders.
It asks private people who would like to use Zoom to follow certain guidelines – including preventing unauthorized entry in the conference room, preventing an unauthorized participant to carry out malicious activity on the terminals of others and avoiding DOS attack by restricting users through passwords and access grant. A DOS (denial-of-service) attack is done by hackers to make a machine or network resource unavailable to its intended user (s).
Earlier, CERT-in had stated that unguarded usage of the digital application can be vulnerable to cyber attacks, including leakage of sensitive office information to criminals.
“Many organisations have allowed their staff to work from home to stop the spread of coronavirus disease. Online communication platforms such as Zoom, Microsoft Teams and Teams for Education, Slack, Cisco WebEx etc are being used for remote meetings and webinars,” the CERT-in advisories on March 30 and April 6 said.
“Insecure usage of the platform may allow cybercriminals to access sensitive information such as meeting details and conversations,” it said.
In an interview with CNN last week, Zoom’s CEO Eric S Yuan said, “We moved too fast…and we had some missteps,” adding that the company has learnt its lessons and “we have taken a step back to focus on privacy and security”.