On a day former Congress president Rahul Gandhi held a digital press conference using Zoom App, the Ministry of Home Affairs on Thursday said the online meeting platform is "not safe" and its "vulnerabilities and weaknesses" have come to the fore while advising people to take precaution while using it.
In an official statement, the MHA said the Cyber Coordination Centre (CyCord) has issued an advisory on the vulnerabilities of the App to safeguard private individuals who would “still like to use the platform for private purposes”.
The Cyber Coordination Centre (CyCord), which is part of the MHA said it may not be possible for all the sectors to stop using Zoom, which has seen a "tremendous jump" in conducting conferences, remote meetings and impart education.
"Most of the users of these platforms are not aware of the correct way to configure these platforms to ensure security. Recently various vulnerabilities and weaknesses have been reported in one of the most popular platforms Zoom," the CyCord said.
The advices include setting new user ID and password for each meeting, enabling 'waiting room' so that every user can enter only when host conducting meeting admits him, disabling join before host, allowing screen sharing by host only, disabling 'allow removed participants to re-join', locking meeting once all attendees have joined and restricting recording feature.
The advisories for individuals and those who set up official meetings came after the Computer Emergency Response Team of India (CERT-in) last month issued caution twice against the cyber vulnerability of the App, currently used by tens of thousands of people, who are working from home. The government does not conduct meetings using an App, which is developed by the National Informatics Centre, it said.
The advisories were issued by CyCord last Sunday but a press statement publicising it came on Thursday.
While parties like Congress hold press conferences, including the one addressed by its former President Rahul Gandhi, using Zoom App, several offices use it for digital meetings while education institutions use it conducts online classes. Google last week disallowed its employees to use the App in their laptops though it permitted its use on their mobile phones.
Recently, there were also reports that the details of a large number of Zoom users have landed in the hands of hackers. The App is facing a backlash from users due to “zoom-bombing”, where uninvited guests crash into meetings, besides concerns over the lack of end-to-end encryption of meeting sessions.
"Most of the settings can be done by logging into users zoom account at the website, or installed application at PC/Laptop/Phone and also during the conduct of the conference. However certain settings are possible through certain mode/channel only. For example, a lock meeting can be enabled by an administrator only when the meeting has started" the advisory said.
It also asks individuals, who still want to use the App, to follow certain guidelines like preventing unauthorised entry in the conference room, preventing an unauthorised participant to carry out the malicious activity on the terminals of others and avoiding DOS (Denial of Service) attack, which makes the machine or network unavailable for users, by restricting users through passwords and access grant.