MHA says Zoom 'not a secure platform'; issues advisory on usage

Amid concerns over security flaws and privacy breach of users, the Ministry of Home Affairs has issued an advisory saying video-conferencing application Zoom "is not a secure platform" for private individuals and advised against use by government offices/staff for official purposes. The popularity of the video conferencing platform skyrocketed after the lockdowns and stay-at-home orders owing to the COVID-19 pandemic which laid bare the security flaws of the application.

READ | Video Calling App Zoom Sued By Its Shareholder For Hiding Security Flaws

MHA gave the following guidelines to be followed in the app's settings

• Create a new user ID and password for each meeting
• Create a waiting room in the app so that a user will be able to enter the meeting only when the host gives him permission
• Disable Join feature before hosting
• Allowing Screen sharing by Host only
• Disabling "Allow removed participants to re-join"
• It is recommended to restrict or disable file transfer
• When all participants have joined, it has been advised to lock the meeting
• Restrict the recording feature
• To end meeting (not just leave, if you are an administrator)

READ | Zoom App User Data Is Being Sold For ₹23 Lakh On Dark Web: Reports

Hacked data for sale

A recent report on the Zoom app has revealed that the hackers of the social platform are selling user data online on the Dark web for ₹23 lakhs. The exploits that are being sold include webcam data, microphone and all the incorporated data in between. such as passwords, emails and device information. The vulnerabilities of the video app have led to this major privacy issue for its users. The San Jose, California based company has come under intense scrutiny from authorities in the United States, Germany and Singapore over security concerns. 

READ | German Foreign Ministry Restricts Use Of Zoom App Amid Reports Of Security Flaws

Zoombombing

Zoom is also charged for 'Zoombombing' its users where random people joined a video conference. The social platform is also being blamed for selling its user data to Facebook without the users’ consent. The users have also reported that the video app has an unpatched bug that lets hackers steal Windows user data and passwords.

Reports of “Zoombombing” flooded the internet where the users complained about interruptions by uninvited guests and posting hateful messages during online sessions. On April 1, Zoom CEO Eric Yuan apologised to its users saying the company fell short of clearly conveying the encryption practices and incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption.

READ | Singapore Stops Zoom For Online Education As Hackers Strike