A significant security breach in Germany’s military communication systems led to the exposure of more than 6,000 meetings, some of which were classified, leaking extensive details online. According to an investigation by Zeit Online, thousands of links to video meetings hosted on the Cisco Webex platform were found publicly accessible on the internet. These meetings included sensitive Bundeswehr (German military) internal information, and despite claims from a military spokesperson that joining these meetings without authorization was not possible, the mere availability of these links posed a substantial security risk.
The investigation revealed that the Bundeswehr did not practice regular deletion of old video recordings, exacerbating the risk of unauthorized access. Metadata visible to outsiders included detailed information such as the times of meetings, participant details, and discussion topics. It was also noted that the meetings were numbered consecutively, making the URLs predictable and susceptible to unauthorized access attempts. The lax security measures around these conferences were highlighted by the additional risk posed by phone dial-in options, which lacked encryption and proper participant verification processes.
Research into this security lapse was based on findings by the Netzbegrünung association, a group of security experts. Their research pointed out that many meeting titles were openly labeled with classifications such as “classified information – only for official use,” making the sensitive nature of the information obvious. This situation underscored significant vulnerabilities within the Bundeswehr’s use of the Cisco Webex platform, questioning the suitability and security of this tool for handling classified communications.
This breach raises larger concerns about Cisco’s commitment to addressing known security issues within its products. The report criticizes Cisco for not adequately addressing the problem of predictable meeting IDs in their Webex platform, accusing them of neglecting significant security concerns in favor of marketing new products. This situation follows a disturbing incident in March where Russian spies reportedly joined a Webex conference and recorded discussions among top German military officials about possible military aid to Ukraine, further stressing the critical nature of these security failures. These events not only challenge the security protocols of the Bundeswehr but also highlight the broader implications for national security and the protection of sensitive governmental communications.
