Technical / Zoom not a safe platform for video conferencing, says govt; issues guidelines

The government has said Zoom is not a secure and safe platform for video conferencing for private individuals. Earlier, CERT-In had stated that unguarded usage of the digital application can be vulnerable to cyber attacks, including leakage of sensitive office information to criminals. The government issued guidelines for those who still want to use the app, explaining security configurations.

NDTV : Apr 16, 2020, 06:17 PM
New Delhi: The Zoom meeting app is not a safe platform for video conference, the government today said, issuing a set of guidelines for the safety of private users who "still would like to use Zoom for private purpose". Zoom bombing has apparently become a favourite past time of people during the lockdown. 

"Zoom is not a safe platform even for usage of individuals a detailed advisory has already been issued by CERT-India," the home ministry said in a new advisory. 

The guidelines, the government said, will prevent unauthorised entry in the conference room and even malicious activity by authorised participants on terminals of the other participants. It would also avoid DOS attack by restricting users through passwords and access grant.

"Most of the settings can be done by login into users zoom account at website, or installed application at PC/Laptop/Phone and also during conduct of conference. However certain settings are possible through certain mode/channel only," the guidelines from the Union home ministry read.

The Zoom app has issues relating to privacy and as well as security," a senior official in the home ministry said. 

According to him, the servers of Zoom, like TikTok, are mostly located in China. The Centre maintains the app has significant weaknesses and indulges in dubious practices.  

"Our technical analysis shows how this very popular video conferencing app encrypts meeting data," said another officer.

"Leading business houses and governments and others who need confidentiality should not be using this software," an officer in the cyber unit said.

India's nodal cyber security agency Cert-In website had earlier warned users of the video-conferencing app that it was prone to breaches. The guidelines came following instances of leaked passwords and hackers hijacking video calls midway through conferences.

Google has reportedly banned the Zoom app from all employees' computers over security vulnerabilities and Singapore has banned teachers using Zoom after hackers posted obscene images on screens. The app has also been banned for usage in Germany, Singapore and Taiwan.

Even the Australian Signals Directorate or ASD intelligence agency last week cautioned users to stay away from insecure video conferencing applications.

ASD's New Zealand counterpart, the Government Communications Security Bureau, has cleared  the use of Zoom for public servants up to the "restricted" information classification level, but not for the stricter "secret" and "Top secret" levels.