The home ministry on Thursday issued an advisory stating that the videoconferencing app Zoom, which government officials have been barred from using, is ‘not safe’ for use by private individuals.
The government’s missive came after the national cybersecurity agency – Computer Emergency Response Team of India (CERT-in) – flagged the cyber vulnerability of the popular app, currently being used by tens of thousands of professionals working from home due to the Covid-19 pandemic.
The latest advisory issued by government’s Cyber Coordination Centre or CyCord is for private individuals, and officials pointed out that the NIC (National Informatics Centre) platform is being used for most government video conferences.
Government officials have been asked not to use any third party app and services for meetings. The CyCord portal was launched by Prime Minister Narendra Modi in December 2018 for sharing all cyber-related matters among law enforcement agencies, government organisations and other stakeholders.
The home ministry asked private individuals using Zoom to follow certain guidelines – including preventing unauthorised entry in a conference room, preventing an unauthorised participant from carrying out malicious activity on the terminals of others, and avoiding DOS attack by restricting users through passwords and access grant.
A DOS (denial-of-service) attack is done by hackers to make a computer or network resource unavailable to its intended users.
Earlier, CERT-in had said that unguarded use of Zoom can make it vulnerable to cyber-attacks, including leaks of sensitive office information to criminals.
‘Many organisations have allowed their staff to work from home to stop the spread of coronavirus disease. Online communication platforms such as Zoom, Microsoft Teams and Teams for Education, Slack, Cisco WebEx etc are being used for remote meetings and webinars,’ the CERT-in advisories dated March 30 and April 6 said.
‘Insecure usage of the platform may allow cybercriminals to access sensitive information such as meeting details and conversations,’ the advisories said.
In an interview with CNN last week, Zoom’s CEO Eric S Yuan said his firm had ‘moved too fast…and we had some missteps’, adding the company has learnt its lessons and ‘taken a step back to focus on privacy and security’.