Zoom: It would also avoid DOS attack by restricting users through passwords and access grant (File)
Highlights
- Zoom bombing has become favourite past time of people during lockdown
- It has issues relating to privacy, security: Home Ministry official
- Centre says the app indulges in dubious practices
New Delhi: The Zoom meeting app is not a safe platform for video conference, the government on Thursday said, issuing a set of guidelines for the safety of private users who "still would like to use Zoom for private purpose". As the use of the app has hugely grown during the lockdown, with people working from home and social gatherings coming to and, Zoom bombing has apparently become a favourite past time of some people .
"Zoom is not a safe platform even for usage of individuals a detailed advisory has already been issued by CERT-India," the home ministry said in a new advisory.
The guidelines, the government said, will prevent unauthorised entry in the conference room and even malicious activity by authorised participants on terminals of the other participants. It would also avoid DOS attack by restricting users through passwords and access grant.
"Most of the settings can be done by login into users zoom account at website, or installed application at PC/Laptop/Phone and also during conduct of conference. However certain settings are possible through certain mode/channel only," the guidelines from the Union home ministry read.
In a statement late in the evening, Zoom said: "Zoom takes user security extremely seriously. A large number of global institutions ranging from the world's largest financial services companies and telecommunications providers to non-governmental organizations and government agencies, have done exhaustive security reviews of our user, network and datacenter layers and continue to use Zoom for most or all of their unified communications needs."
The Zoom app has issues relating to privacy and as well as security," a senior official in the home ministry said.
According to him, the servers of Zoom, like TikTok, are mostly located in China. The Centre maintains the app has significant weaknesses and indulges in dubious practices.
"Our technical analysis shows how this very popular video conferencing app encrypts meeting data," said another officer.
"Leading business houses and governments and others who need confidentiality should not be using this software," an officer in the cyber unit said.
India's nodal cyber security agency Cert-In website had earlier warned users of the video-conferencing app that it was prone to breaches. The guidelines came following instances of leaked passwords and hackers hijacking video calls midway through conferences.
Google has reportedly banned the Zoom app from all employees' computers over security vulnerabilities and Singapore has banned teachers using Zoom after hackers posted obscene images on screens. The app has also been banned for usage in Germany, Singapore and Taiwan.
Even the Australian Signals Directorate or ASD intelligence agency last week cautioned users to stay away from insecure video conferencing applications.
ASD's New Zealand counterpart, the Government Communications Security Bureau, has cleared the use of Zoom for public servants up to the "restricted" information classification level, but not for the stricter "secret" and "Top secret" levels.