Popular video meeting app Zoom has been in the news consistently over the past few weeks for multiple privacy issues. The latest advisory issued by the Government of India’s Cyber Coordination Center, or CyCord, suggests that individuals who may be using the Zoom app for personal usage or for official calls, should follow certain guidelines to make their video meetings safer. This follows the warning by the Indian Computer Emergency Response Team (CERT-in) that Zoom is not a safe app to use. Earlier, the Ministry of Home Affairs had made it clear that the Zoom app will not be used government officials.
The latest CyCord guidelines indicate that users must have the lock meeting option enabled (this can be done by the administrator or the person who owns the meeting) once the video meeting has started. They also suggest that every meeting should have a new ID and password, and a waiting room feature should be enabled—here, the meeting host or administrator can verify if the person attempting to join the meeting is authorized to and allow them in. There is also the option to disable join before host, which means users can only join the meeting after the host has logged in. Administrators should also disable the “Allow removed participants to re-join” option. Once everyone who is supposed to attend has logged in, the video meeting must be locked so that no new participants can join in. There is also the option to restrict the recording feature, which should be enabled.
The CyCord document says that these guidelines about certain settings in the Zoom app are to “prevent unauthorised entry in the conference room, prevent an authorized participant to carry out malicious on the terminals of other in the conference and avoid DOS attack by restricting users through passwords and access grant.” The potential vulnerabilities in the Zoom app have been flagged by CERT-in earlier, which had said, “Many organisations have allowed their staff to work from home to stop the spread of coronavirus disease. Online communication platforms such as Zoom, Microsoft Teams and Teams for Education, Slack, Cisco WebEx etc are being used for remote meetings and webinars.”