Hacker HD Moore is a chief security officer at Rapid7, a company that looks into security holes. As part of his work, Moore "explored" the realm of videoconferencing systems. What he found was surprising.
Moore discovered that there are thousands of boardrooms across the nation that are vulnerable to hacks.
Moore easily found he could access meetings for top companies, business, banks, and even law firms. The frightening part? Videoconferencing systems make it difficult to detect errant listeners if the right security settings aren't initiated.
Moore also found he could access web cameras used in videoconferencing systems. With a few clicks he could use the cameras to take a view of the room. In some cases he could even zoom in close enough to read documents.
How is this possible? Given that some videoconferencing systems are incredibly expensive, it seems that they should have a higher level of security.
They do. The problem is that in many cases, administrators are not setting the systems up properly. They choose to set the conference outside of firewalls that would help protect against hacks, according to The New York Times.
Sometimes they also choose to set the videoconference to automatically accept all who dial-in. This means there is no filtering system when it comes to who "attends."
Polycom manufactures high-end and low-end videoconferencing equipment. Their devices are programmed to "auto-answer" calls by default. A Polycom spokesman told The New York Times that their devices offer security features that can be enabled by customers.
Yet it is unclear if some businesses simply aren't aware that their videoconference security may be vulnerable. General counsels everywhere may want to check their systems' security settings to ensure confidential meetings remain confidential.
- I Spy Your Company's Boardroom (Wired)
- Control Employee Web Usage: Online Security for Law Firms (FindLaw's Technologist)
- Is The Hacker World Targeting Your Law Firm? (FindLaw's Technologist)