Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now
Sunday 3 December 2023 Dublin: 4°C
PA Images

Boris Johnson tweet of virtual Cabinet raises cybersecurity concerns

The Zoom Meeting ID number was visible in screenshot from the video conference which was posted to Twitter.

SECURITY EXPERTS HAVE voiced concerns after Boris Johnson tweeted a picture of a virtual Cabinet meeting which included personal details.

The UK Prime Minister’s post showed the meeting ID number on video conferencing platform Zoom, as well as the usernames of some ministers taking part.

Johnson’s communications with his top team of ministers is secure, Downing Street insisted after the online meeting.

But according to one cybersecurity expert, Johnson’s tweet showing meeting details broke a key rule about security when using such technology.

Jonathan Knudsen, senior security strategist at Synopsys, said those using tools such as Zoom must “be careful about sharing the meeting information”.

“Video conferencing helps people stay connected by being able to speak to each other, see each other, and share text and files.

“Like any other technology, however, video conferencing has security risks that must be considered,” he said.

“No matter who you are, publishing information to the world must be done carefully,” Knudsen added.

“Boris Johnson’s Twitter post reveals a Zoom meeting ID and what appear to be one or two personal IDs that might correspond to email addresses.

“In the worst case scenario, the meeting ID will be reused, the meeting is not protected by a password, and an eavesdropper is able to join.

“Likewise, Mr  Johnson’s colleagues might get unsolicited and unwanted email.

“Before posting anything online, stop and think. In the best case scenario, this screen shot was reviewed and determined to contain no sensitive information.”

Richard Bejtlich, principal security strategist at Corelight said: “Zoom users should treat their Zoom meeting IDs as sensitive and should not share them on social media.

“Meeting owners should also set unique passwords for meetings, to prevent unauthorised access by those who obtain or guess meeting IDs.”

A password was in place to protect the virtual Cabinet meeting and while some Zoom meeting numbers can be repeatedly used, Downing Street said new meeting IDs were being generated each time the software was used.

Concerns have been raised about Zoom after the use of the software by Ministry of Defence staff was suspended last week while “security implications” were investigated.

There have been reports of strangers gaining access to meetings and displaying explicit material if proper security measures are not taken, such locking a meeting once all expected attendees have joined, in a process which has become known as “Zoombombing”.

The service has come under increased scrutiny in recent weeks as millions of workers and students turn to its video conferencing tools to help with working from home during the coronavirus pandemic.

Zoom lists a number of additional security options on its website for users making video conferencing calls, including creating a waiting room for invited attendees before a meeting starts and only allowing those with provided email addresses to join a meeting.

Cabinet ministers dialled in to the meeting instead of sitting around the table in 10 Downing Street as part of social distancing measures to curb the spread of Covid-19.

Downing Street was “following all necessary security procedures” and “I am happy to say with confidence we were satisfied it was secure”, the spokesman added.

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel