The government is using popular conferencing platform Zoom to conduct Cabinet meetings, despite reported Ministry of Defence (MoD) warnings about the security implications.
The government appears to be heeding its own COVID-19 advice in forcing ministers to adhere to social distancing and work from home rules. However, a photo circulated by Boris Johnson showed the Prime Minister using Zoom to host a Cabinet meeting.
The same US-produced platform, which reportedly has a large China-based engineering team, was banned by MoD officials on security concerns, with staff at the department told to stop using it until further notice.
A government spokesperson told Sky News that, according to guidance from the National Cyber Security Centre (NCSC) “there is no security reason for Zoom not to be used for conversations below a certain classification.”
“Should we be letting a company we know so little about be entering our highest office of state? Should we be divulging so [much] personal data to this company with lax policies?” he tweeted. “The rush to online means we need to pay more attention and not less.”
Last July, researchers revealed a zero-day bug in the Mac Zoom client which could have allowed hackers to spy on users via their webcams. IT took several months for it to fix the bug, which was first reported to the firm in March.
“Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner,” argued researcher Jonathan Leitschuh. “An organization of this profile and with such a large user base should have been more proactive in protecting its users from attack.”
This was followed by a further security snafu in October, when researchers revealed an API-targeted enumeration attack affecting the platform.
Source: Infosecurity Magazine
If your employees are working from home The Cloud Consultancy can help you with VPN’s, Password Management, Multi Factor Authentication, Firewalls, Fast 4G LTE Connectivity and more. We also provide taylored remote training to ensure that you, your staff and stakeholders are informed and educated about good cyber security practices along with Office 365 training on how to use Microsoft Teams.