How hackers can eavesdrop on prevalent videoconferencing systems
In a report first published in The New York Times, HD Moore of vulnerability management firm Rapid7 warned about how expensive videoconferencing equipment is being left improperly secured. This could potentially allow hackers to connect via the Internet to eavesdrop on privileged boardroom discussions, or zoom in via high-definition cameras to read confidential reports placed on the conference room table.
Using a handful of computers, Moore scanned about 3 percent of addressable Internet space over two hours for systems that understand the H.323 protocol, which is widely used for IP videoconferencing. A quarter of a million such systems were identified, and the popular Metasploit framework was then used to narrow them down to the 5,000 with insecure configurations.
According to Moore, these 5,000 systems are videoconferencing systems set to automatically answer incoming calls. "Any machine that accepted a call was set to auto answer," Moore said, speaking to Dark Reading. "It was fairly easy to figure out who was vulnerable, because if they weren't vulnerable, then they would not have picked up the call."
Systems configured to automatically answer incoming calls can be turned on without attracting the attention of people in the room. Moore says the bulk of these videoconferencing systems were made by Polycom, which ships its systems with auto-answering functionality enabled by default. Disabling the feature is trivial, though, and a firewall should also block attempts by unauthorized users to reach the videoconferencing system.
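To check whether the firewall is in fact keeping outside callers away from conference-room units, a defender can review perimeter logs for inbound H.323 call signalling. The following is an added example, not code from the article or from Rapid7; the key=value log format, the address ranges and the sample lines are assumptions constructed for illustration, while TCP 1720 is the standard H.323 call-signalling port.

```python
import ipaddress
from collections import defaultdict

H323_PORT = "1720"  # standard TCP port for H.323 (H.225.0) call signalling

# Assumptions for this example: internal ranges and approved external callers.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED = [ipaddress.ip_network("203.0.113.0/28")]

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2012-02-01T09:14:02Z action=DROP proto=TCP src=198.51.100.23 dst=10.20.0.15 dport=1720
2012-02-01T09:14:03Z action=ACCEPT proto=TCP src=198.51.100.23 dst=10.20.0.16 dport=1720
2012-02-01T09:14:03Z action=DROP proto=TCP src=198.51.100.23 dst=10.20.0.17 dport=1720
2012-02-01T10:02:41Z action=ACCEPT proto=TCP src=203.0.113.7 dst=10.20.0.15 dport=1720
2012-02-01T10:05:00Z action=ACCEPT proto=TCP src=192.0.2.44 dst=10.20.0.15 dport=443
2012-02-01T10:06:10Z action=ACCEPT proto=TCP src=10.20.0.99 dst=10.20.0.16 dport=1720
"""

def _in(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def audit(log_text, sweep_threshold=3):
    """Return (accepted calls from unapproved sources, sources probing many units)."""
    accepted, probed = [], defaultdict(set)
    for line in log_text.splitlines():
        ts, *pairs = line.split() or [""]
        rec = dict(p.split("=", 1) for p in pairs if "=" in p)
        if rec.get("proto") != "TCP" or rec.get("dport") != H323_PORT:
            continue
        src, dst = rec.get("src"), rec.get("dst")
        try:
            if not src or not dst or _in(src, INTERNAL + APPROVED):
                continue
        except ValueError:  # malformed address field: skip the line
            continue
        probed[src].add(dst)
        if rec.get("action") == "ACCEPT":
            # The firewall let an unapproved caller reach a unit; with
            # auto-answer enabled, that unit would pick up the call.
            accepted.append((ts, src, dst))
    sweepers = sorted(s for s, d in probed.items() if len(d) >= sweep_threshold)
    return accepted, sweepers

if __name__ == "__main__":
    gaps, sweepers = audit(SAMPLE_LOG)
    print("firewall gaps:", gaps)
    print("sources sweeping H.323 endpoints:", sweepers)
```

Any entry in the first list marks a unit whose firewall rule needs tightening and whose auto-answer setting should be checked first.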
If your business deploys a teleconferencing system, or is considering one, you may want to read the rebuttal by David Maldow, of telepresence consulting firm Human Productivity Lab, and the response by HD Moore published on Telepresence Options.
For more:
- check out this article at Dark Reading
- check out this article at Computerworld
- check out this article at Telepresence Options
© 2012 FierceMarkets. All rights reserved.