HireCentrix News - News Articles

HD Moore finds thousands of exposed conference and board rooms where secrets aren't so secret

Computerworld - Tens of thousands of video conferencing setups, including some in corporate meeting rooms where the most confidential information is discussed, are vulnerable to spying attacks, researchers said this week.

After spending months rooting around top-end video conferencing hardware and software, and taking tours through meeting rooms himself, HD Moore said the danger was a "perfect storm" brought on by lazy habits and sloppy security settings.

"Many of these [video conferencing installations] are naked on the Internet," said Moore, the chief security officer at Rapid7.

Using scanning tools, Moore surveyed a small fraction of the Internet to find hardware that used the H.323 protocol -- the most widely-used by video conferencing equipment -- and discovered that 2% were at risk of hacker infiltration because they were set to automatically answer any incoming calls and were not protected by a firewall.

On the Internet as a whole, Moore estimated that more than 150,000 video conferencing setups were vulnerable to eavesdropping using the hardware's microphone and spying via the remote-controlled camera.

The biggest gaffes in video conferencing are the auto-answer feature and the positioning of the hardware sans a firewall, or outside the organization's usual defensive perimeter, said Moore. And even when they seem to be protected, some firewalls fail to properly handle the H.323 protocol, and in fact expose the hardware to infiltration.

Read More

##

Comments: