According to Rapid7, a provider of security risk
intelligence solutions, thousands of video conferencing systems raise several
security concerns and are vulnerable to hacking.
These security issues might become a big problem for
companies that don’t take their video conferencing security serious since many
remote conferences take place in corporate meeting rooms, where sensible
information is discussed.
According to HD Moore, Rapid7 CSO and Chief Architect, “many
of these [video conferencing systems] are naked on the internet.” He estimates
that over 150,000 systems on the internet can be easily hacked into allowing
intruders to listen to private conversations using the system’s microphone and
watching the conference through the computer cameras.
In an interview, Moore
has said that the biggest mistakes in corporate video
conferencing are the auto-answer feature and deploying a video conference
without being firewall protected. Moore
also added that while many systems are protected behind a firewall, many of
them cannot handle the H.323 protocol, leaving the system accessible to
intruders.
Moore,
while researching for systems vulnerabilities, has accessed video
conferences which took place at boardrooms as well as law offices, venture
capital firms and research facilities.
“Often, where video conferencing equipment gets located are
the same places where the most sensitive meetings take place,” said Mike
Tuchen, Chief Executive of Rapid7.
According to both Moore and Tuchen, stopping such attacks
isn’t hard though it requires some technical know-how. One of the easiest ways
of preventing spying is by disabling the auto-answer feature, they explained.
No comments:
Post a Comment