The advisory said that the insecure use could allow cybercriminals to have access to sensitive information like the details of meetings and the conversations carried out using the app.
Coronavirus lockdown: Tens of thousands of people in the country are using a video conferencing app called Zoom to work from home during the lockdown due to COVID-19. The Indian Computer Emergency Response Team (CERT-In), which is the nodal cyber security agency in India, on Thursday warned that the app, which has seen a huge spike in usage in the last few days, is prone to hacking. The agency has issued an advisory for both the users and the operators who use Zoom.
CERT-In said the unguarded use of Zoom could leave it vulnerable to cyber attacks. The advisory said that the insecure use could allow cybercriminals to have access to sensitive information like the details of meetings and the conversations carried out using the app.
The advisory lists certain suggestions using which the app could be kept safe. These suggestions include keeping the software patched and up-to-date, and also to ensure that the password set for the meetings are unique, difficult to guess and strong. The advisory said that these suggestions are especially important for those meetings in which sensitive information is discussed.
It also suggested that users should enable the waiting room feature, using which people who join the meeting will be in a virtual waiting room and will only be a part of the actual meeting once the call manager approves their presence.
The advisory also asked the operators to disable the feature which allows a meeting participant to join before the person who has hosted the meeting. Due to this feature, the first person to enter the virtual meeting room becomes the host by default and gets control over the meeting.
Some of the other suggestions given by CERT-In include restricting or disabling the file transfer feature if it is not required, including a method which lets the host to ensure that a removed member cannot rejoin the meeting and if not required, limiting the screen sharing to only the host of the meeting.
The advisory also said that the host should lock the meeting once all the participants have joined and the feature to record the calls should be restricted to only trusted participants.