MHA says Zoom app is not a secure platform, issues guidelines for users to prevent unauthorised entry into conferences

The Ministry of Home Affairs has issued an advisory stating that the popular videoconferencing app Zoom is “not safe”. According to the advisory, users who still would like to use Zoom for private purpose, must adhere to certain guidelines issued by CERT-India.

MHA issues advisory, says Zoom not secure video conferencing platform for private individuals. Mentions guidelines for those who still want to use it. pic.twitter.com/b900JOw1Si

— PB-SHABD (@PBSHABD) April 16, 2020

The guidelines include preventing unauthorised entry into the conference room and stopping malicious activity by authorised people on terminals of the other participants. The advisory asked users to avoid DOS attack by restricting users through passwords and access grant. A DOS attack or denial of service attack by hackers make a computer or network resource unavailable to the intended users. The guidelines from the Union home ministry further read, “Most of the settings can be done by login into users zoom account at website, or installed application at PC/Laptop/Phone and also during conduct of conference. However certain settings are possible through certain mode/channel only.” Recently, the video conferencing app faced a lot of flak when two researchers claimed to have found a loophole which could allow attackers to acquire Windows passwords and also silently access a user’s Macbook and tap into its webcam and microphone. Zoom chief executive Eric S Yuan apologised for the security flaws and promised to look into the concerns. Subsequently, Zoom introduced a new security menu so that users can easily access privacy tools. The video conference app created a dedicated icon for security at the bottom of the screen which replaced the invite button in the app.