Boris Johnson’s cabinet has been using Zoom video conferencing to conduct its coronavirus meetings, despite Ministry of Defence staff being banned from using it amid security fears.
Images of the prime minister using the app with colleagues so they comply with COVID-19 social-distancing rules were released by Number 10.
But it came after MoD employees were instructed this week that the use of Zoom was being immediately suspended while “security implications” were investigated, with users reminded of the need to be “cautious about cyber resilience” in “these exceptional times”.
Use of the US-based Zoom has “exploded” in popularity amid the crisis but concerns have been raised over its security, according to an industry expert.
A source told the Press Association: “It is astounding that thousands of MoD staff have been banned from using Zoom only to find a sensitive government meeting like that of the prime minister’s cabinet is being conducted over it.”
Swathes of businesses and organisations across the UK have begun using the technology in the last week as the country went into lockdown, in an effort to continue meetings with workers who have been forced to work from home.
And the technology is also seeing an explosion in use socially, as people clamour to catch up with friends virtually while stuck indoors.
Andrew Dwyer, who researches cybersecurity at the University of Bristol, said on Twitter: “Seriously worried by the security of cabinet being conducted over Zoom.
“What is happening here? This is not okay. I doubt the NCSC [National Cyber Security Centre] would be happy, if not mortified, by this.”
A message to MoD staff, seen by PA, said: “We are pausing the use of Zoom, an internet-based video conferencing service, with immediate effect whilst we investigate security implications that come with it.”
It added that a decision would then be made about whether to continue using the programme.
Paul Bischoff, from Comparitech.com which researches and tests out security, privacy and networking technology, told PA that Zoom was “exploding in popularity” and usage is becoming more “commonplace”.
:: Listen to the Daily podcast on Apple Podcasts, Google Podcasts, Spotify, Spreaker
While the programme is “fairly secure”, he warned the firm was “slow” to address a “webcam security flaw” last year which “angered” some users and security experts.
He said the problem allowed an attacker to hijack the user’s webcam through Safari on Apple Macs.
Reports earlier this month suggested users were warned against “Zoom bombing” after sessions were hijacked by strangers sharing porn videos.
Zoom, which describes its service as reliable and easy to use, published an article with advice for users entitled “How to keep the party crashers from crashing your Zoom event”.
Mr Bischoff said: “The software has no known serious vulnerabilities at the moment, but that doesn’t mean a hacker won’t find a new vulnerability tomorrow.
“The company also collects some personal information about users and shares it with a few third parties.”
He added that it was important to verify links and senders before clicking on them because “criminals will probably create phishing pages designed to look like Zoom pages, but they really just steal your passwords and other information”.
Zoom, the Cabinet Office, the MoD and the National Cyber Security Centre – the part of GCHQ which advises government – have all been contacted for comment.