UK Parliament
  • Boris Johnson used social media to show his followers that he chaired the first-ever digital Cabinet;
  • The screenshot attached on Twitter gave away the Cabinet’s meeting ID;
  • The platform used for the video meeting was Zoom, a service that’s currently involved in some security and privacy issues, and also a lawsuit;

UK Prime Minister Boris Johnson took on Twitter to announce the first-ever digital Cabinet meeting, encouraging people to “stay at home, protect the NHS, save lives,” as he self-isolated after announcing he was experiencing mild Coronavirus symptoms.

While doing this, he also attached a screenshot of his desktop, showing the 35 participants to the video call. But not only that, as at a closer look, the capture also revealed the Zoom Meeting ID for the UK Cabinet.

It’s obvious why this is not a wise thing to do, as anyone could try to join the video meeting using the Zoom ID. The good thing was, it was password-protected. Even so, an experienced actor having nefarious purposes could try something as simple as using brute-forcing to access the Cabinet’s virtual meeting.

Zoom was recently in the news as it was caught sharing private data with Facebook, resulting in a currently active class-action lawsuit. Zoom users are advised to update to the latest version of the app, where that issue no longer exists.

In other recent news, the FBI warns about ‘Zoom-Bombings’ on online video meeting apps dedicated to teleconferencing and online classrooms. Amid the Coronavirus pandemic, the usage of apps made for group video chats has boomed, but so did the hijackers’ interest for those.

They advise people to watch out for pranksters, racists, and other ill-intentioned individuals, and to protect themselves by making their Zoom video calls private through requiring a meeting password or using the waiting room feature. They also recommend keeping the meeting link private and sharing it only with particular people.

Even so, it seems that Zoom reportedly does not offer real end-to-end encryption for its Windows client as marketed, but rather what is usually called transport encryption. The fact that the platform uses TLS encryption means the service itself can access the unencrypted video and audio content of Zoom meetings. Zoom used a statement to declare it does not directly access, mine, or sell user data, though. So, maybe now is not the best time for the UK Cabinet – or any other people, for that matter – to host their meetings on this platform.