The Home Ministry’s Cyber Coordination Centre issued an advisory yesterday saying that Zoom was “not a safe platform”, and said that private users should follow precautions before using it, such as locking the call to new entrants, and having a passcode to enter the call.
The Ministry referred to two CERT-IN advisories, published on March 30 and April 2 pointing out security flaws in the app. The March 30 advisory was a list of general tips to keep Zoom calls private, as many of the default settings could lead to calls that were easy to “zoombomb”. The latter advisory points to a flaw in the installation package for an old version of Zoom’s macOS version, a vulnerability that would allow attackers to commandeer the webcam and microphones of users, and another attack that could lead to users giving up their credentials.
On April 14, the US’s National Vulnerability Database recorded another potential exploit for Zoom, where the app could get improper privileges on some devices running the software.
The Ministry said that those in the government shouldn’t use the app in the first place. Many video conferences at the government level are happening through the National Informatics Centre, which has a custom-built service hosted on NIC servers for the purpose.