In a report first published in The New York Times, HD Moore of vulnerability management firm Rapid7 warned about how expensive videoconferencing equipment is being left improperly secured. This could potentially allow hackers to connect via the Internet to eavesdrop on privileged boardroom discussions, or zoom in via high-definition cameras to read confidential reports placed on the conference room table.

Using a handful of computers, Moore scanned about 3 percent of addressable Internet space over two hours for systems that understand the H.323 protocol widely used for IP videoconferencing systems. A quarter of a million such systems were identified and then narrowed down to 5,000 using the popular Metasploit framework to filter out non-secure configurations.

According to Moore, these 5,000 systems are videoconferencing systems set to automatically answer incoming calls. "Any machine that accepted a call was set to auto answer," Moore said, speaking to Dark Reading. "It was fairly easy to figure out who was vulnerable, because if they weren't vulnerable, then they would not have picked up the call."

Systems configured to automatically answer incoming calls can be turned on without attracting the attention of people in the room. Moore says the bulk of these videoconferencing systems were made by Polycom, which ships its systems with auto-answering functionality enabled by default. It is a trivial matter to disable the feature though, and the use of a firewall should also block efforts by unauthorized users to gain access to this videoconferencing system.

If your business deploys a teleconferencing system--or is considering it--you may want to read the rebuttal by David Maldow, of telepresence consulting firm Human Productivity Lab, and the response by HD Moore published on Telepresence Options here.

For more:
- check out this article at Dark Reading
- check out this article at Computerworld
- check out this article at Telepresence Options

Related Articles:
Can you see me now? 2 reasons video calling hasn't caught on
What happens to Skype now that it is officially Microsoft's?
Cisco: Keep your video out of the cloud
Polycom to bring HD video collaboration software to iPad 2, Android devices