SPD: Webex gap allowed unauthorized meeting participation

A reporter from Die Zeit accessed SPD Webex conferences unnoticed and without authorization. The party has since shut down its Webex system.

Web conference with smartphones as cameras

(Image: created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

After the German Armed Forces, the Social Democratic Party of Germany (SPD) has also been affected by a Webex security vulnerability. Third parties were able to attend Webex conferences unnoticed. The door was open to espionage.

A journalist from Die Zeit uncovered the vulnerability. She was able to attend internal SPD Webex meetings without an invitation and sometimes unnoticed, she wrote on X (formerly Twitter). The SPD also apparently had insecure default settings that undermined the security and confidentiality of the system.

A spokeswoman for the SPD responded to a request from heise online: "We can confirm the incident based on the reporting by Zeit Online. We at the SPD party headquarters became aware of the security vulnerability at Webex through the journalist from Zeit Online." She adds: "We reacted immediately after the confrontation by the journalist and switched off the entire conference system." As a result, no video conferences are possible through the affected system, she continues.

The SPD did not want to explain further whether other unauthorized access took place and whether confidential information was leaked.

This new IT security incident involving Cisco's Webex conferencing software should be a wake-up call for IT managers using the package. Administrators apparently have to adjust settings to secure the systems; the standard configuration does not guarantee confidentiality. The manufacturer, Cisco, has a duty to actively inform its customers and provide best-practice instructions on how the conferencing software can be operated securely.

Last week, it became known that the German Armed Forces had openly visible Webex conferences for months. In response to the repeated security problems with Webex, the armed forces finally pulled the emergency brake and blocked external communication via the Webex system.

(dmk)