According to a story published earlier this week by the New York Times, a security expert at Rapid7 found that common videoconferencing equipment could give hackers access to company conference rooms and boardrooms. The investigation, led by Rapid7 chief security officer HD Moore, began when he wrote a program to scan the internet for videoconferencing systems.
HD Moore and Mike Tuchen of Rapid7 discovered that they could remotely infiltrate conference rooms in some of the top venture capital and law firms across the country, as well as pharmaceutical and oil companies and even the boardroom of Goldman Sachs, all by simply calling in to unsecured videoconferencing systems that they found by scanning the internet.
Moore's scan covered about 3 percent of the addressable internet and found 250,000 systems using the H.323 protocol, a specification for audio and video calls. Moore said he found more than 5,000 organizations had left auto-answer enabled in products from vendors including Polycom, Cisco, LifeSize and Sony. Overall, the findings mean up to 150,000 systems across the internet could be vulnerable, according to Rapid7.
"What made this interesting is that you are only going to find places that can afford $25,000 videoconferencing systems, so it's a pretty self-selecting set of targets," Moore says.
He hopes that exposing these flaws will persuade vendors and end users to take the issue of videoconferencing security seriously.