High-level government talks on Britain’s coronavirus response were held on a videoconference service that Ministry of Defence staff were banned from using just days earlier over security fears.
Prime Minister Boris Johnson gathered cabinet ministers earlier this week using Zoom to discuss the latest lockdown measures.
Downing Street even posted a picture of all the secretaries of state dialling in, to avoid catching COVID-19, instead of coming in to Number 10 and crowding round one table.
But it has emerged the Ministry of Defence (MoD) ordered all workers in the department to immediately stop using Zoom while “security implications” were investigated.
An email sent to staff also told them to be “cautious about cyber resilience” in “these exceptional times”.
A source said after the revelation: “It is astounding that thousands of MoD staff have been banned from using Zoom only to find a sensitive government meeting like that of the prime minister’s cabinet is being conducted over it.”
Another added: “I’d rather the cabinet were using the games feature on Houseparty” – another video-calling service.
Zoom has had a big popularity boost during the lockdown imposed in the UK and many other countries around the world because of coronavirus.
But an industry expert raised concerns over its security.
Andrew Dwyer, who researches cybersecurity at the University of Bristol, wrote on Twitter: “Seriously worried by the security of cabinet being conducted over Zoom.
“What is happening here? This is not okay. I doubt the NCSC [National Cyber Security Centre] would be happy, if not mortified, by this.”
Paul Bischoff, from Comparitech.com, which researches and tests out security, privacy and networking technology, said the programme is “fairly secure”.
But he warned the company was “slow” to address a “webcam security flaw” last year which “angered” some users and security experts.
The problem allowed an attacker to hijack the user’s webcam through Safari on Apple Macs, he said.
According to media reports earlier this month, users were warned against “Zoom bombing” after sessions were hijacked by strangers sharing porn videos.
A government spokesperson tried to assuage concerns by saying NCSC guidance showed “there is no security reason for Zoom not to be used for conversations below a certain classification”.
“In the current unprecedented circumstances the need for effective channels of communication is vital,” they added.
Zoom said it takes users’ security “extremely seriously” and that 2,000 institutions – from leading telecoms providers to government agencies and universities – have done exhaustive security reviews of the service.
A spokesperson added: “Zoom are in close communication with the UK Ministry of Defence and National Cyber Security Centre and are focused on providing the documentation they need.”