Zoom app vulnerable to cyber attacks

Information

Zoom app vulnerable to cyber attacks

The national cyber security agency against the cyber vulnerability of the popular video conferencing app 'Zoom', used by tens of thousands of professionals who are working from home in the country due to the COVID-19 pandemic, and issued an advisory outlining the safety measures for both the operator and the users.

The Computer Emergency Response Team of India (CERT-In), the national agency to combat cyber-attacks and guarding the cyber space, said the unguarded usage of the digital application can be vulnerable to cyber-attacks, including leakage of sensitive office information to cyber criminals.

"Many organisations have allowed their staff to work from home to stop the spread of coronavirus disease (COVID-19). Online communication platforms such as Zoom, Microsoft Teams and Teams for Education, Google Meet, Slack, Cisco WebEx etc are being used for remote meetings and webinars," the advisory said.

"Insecure usage of the platform (Zoom) may allow cyber criminals to access sensitive information such as meeting details and conversations," it said.

It asked the operators of the platform to disable the 'join before host' feature as that lets others to continue with a meeting in the absence of an actual host this option enables the first person who joins the meeting to automatically become the host and will have full control over the meeting.

"Alternatively, 'scheduling privilege' may be given to a trusted participant to host the meeting in the absence of an actual host," it said.

Some other counter-measures included: If not required, restrict or disable file transfers, ensure removed participants are unable to re-join meetings and if not required, limit screen sharing to the host only.

"Lock the meeting session once all your attendees have joined and restrict the call record feature 'allow record' to trusted participants only," it said.