Zoom used for Cabinet meetings despite MoD ban over security concerns
Boris Johnson’s Cabinet started using Zoom video conferencing to carry out its meetings just days after Ministry of Defence staff were banned from using it amid security fears.
Downing Street published pictures of the Prime Minister using the technology to continue the briefings with senior MPs – where sensitive information like matters of national security are discussed – while observing rules on social distancing to curb the coronavirus outbreak.
But MoD staff were told this week the use of Zoom was being suspended with immediate effect while “security implications” were investigated, with users reminded of the need to be “cautious about cyber resilience” in “these exceptional times”.
The use of US-based Zoom has “exploded” in popularity but concerns have been raised over its security, according to an industry expert.
This morning, I chaired the first ever video conference Cabinet meeting.
We must all do our bit to stop the spread of coronavirus, protect our NHS and save lives. #StayHomeSaveLives https://t.co/Eew4i0Wr5q pic.twitter.com/LkWYYnMXnq
— Boris Johnson #StayHomeSaveLives (@BorisJohnson) March 24, 2020
One source told the PA news agency: “It is astounding that thousands of MoD staff have been banned from using Zoom only to find a sensitive Government meeting like that of the Prime Minister’s Cabinet is being conducted over it.”
It is thought swathes of businesses and organisations have flocked to use the technology in the last week as the UK went into lockdown, in a bid to continue meetings with employees who have been forced to work from home.
Growing numbers of people are also using it socially to catch up with friends virtually while stuck indoors.
It has prompted some online debate as to whether there are security and privacy concerns about using the platform.
Andrew Dwyer, who researches cybersecurity at the University of Bristol, said on Twitter: “Seriously worried by the security of Cabinet being conducted over Zoom.
“What is happening here? This is not okay. I doubt the NCSC (National Cyber Security Centre) would be happy, if not mortified, by this.”
A message to MoD staff, seen by PA, said: “We are pausing the use of Zoom, an internet-based video conferencing service, with immediate effect whilst we investigate security implications that come with it.”
A decision will then be made about whether to continue using the programme, the email added.
Paul Bischoff, from Comparitech.com which researches and tests out security, privacy and networking technology, told PA that Zoom is “exploding in popularity” and usage is becoming more “commonplace”.
While the programme is “fairly secure”, he warned the company was “slow” to address a “webcam security flaw” last year which “angered” some users and security experts.
The problem allowed an attacker to hijack the user’s webcam through Safari on Apple Macs, he said.
According to a media reports earlier this month, users were warned against “Zoom bombing” after sessions were hijacked by strangers sharing porn videos.
Around the same time, Zoom, which describes its service as reliable and easy to use, published an article with advice for users entitled “How to keep the party crashers from crashing your Zoom event”.
Mr Bischoff said: “The software has no known serious vulnerabilities at the moment, but that doesn’t mean a hacker won’t find a new vulnerability tomorrow.
“The company also collects some personal information about users and shares it with a few third parties.”
He added it is important to verify links and senders before clicking on them because “criminals will probably create phishing pages designed to look like Zoom pages, but they really just steal your passwords and other information”.
Zoom, the Cabinet Office, the MoD and the National Cyber Security Centre – the part of GCHQ which advises Government – have all been contacted for comment.