Metadata and dial-in links to digital Bundeswehr meetings were publicly accessible for months – some with generic access names such as “Test”.
There was a security gap in the Bundeswehr’s Webex instance, which, according to the CIR cyber force, has now been closed. When asked on Saturday, a spokesman for the force for cyber and information space confirmed that there had been a “vulnerability” during the week, but that it had been eliminated within 24 hours. However, according to research by “Zeit”, the problem persisted for months.
Metadata such as times and participants could be viewed via the Webex communications platform. However, the Bundeswehr explains that it was not possible to dial in or access any confidential content.
More than 6,000 meetings can be found
“Zeit Online” had previously reported on the security gap. According to the portal, the Bundeswehr separated the Webex instance from the Internet. The service can still be used for internal meetings. More than 6,000 meetings could be found online.
Loading…
Embed
The Bundeswehr only became aware of the problem after an inquiry from “Die Zeit,” the newspaper writes. Titles, schedules and participants were available. According to the Bundeswehr, these were not accessible, but in some cases the title of the meeting already revealed what it was about. An example: “Review milestone plan Taurus and finalization”. Air Force Chief Ingo Gerhartz’s actually private meeting room was also open to the public – with completely generic access names like “Test”.
At the beginning of March, a Webex conference call recorded by Russia between four high-ranking officers, including Air Force Chief Ingo Gerhartz, caused a considerable stir. In it, the officers discussed operational scenarios for the Taurus missiles in the event that they were to be delivered to Ukraine. The Defense Ministry later blamed the leak on the carelessness of a Bundeswehr general in Singapore.
