Could hackers use your company's videoconferencing equipment to spy on your meetings? Yes, quite possibly – but it's easy to prevent. Here's how to lock down your system right now.
Over the past six years, high-definition videoconferencing systems have become increasingly ubiquitous in corporate boardrooms and meeting rooms. The benefits of videoconferencing – productivity gains, cost savings, competitive advantage, and more – have long been obvious. But, until recently, the associated security risks have not received much attention.
That changed two months ago, when security researchers at Rapid7 went public with an analysis of significant vulnerabilities in corporate videoconferencing systems. According to Rapid7 researchers HD Moore and Mike Tuchen, those vulnerabilities could allow attackers to eavesdrop on confidential meetings, read documents sitting on a conference room table, or even zoom in to record keystrokes (such as passwords) typed by meeting participants on their laptops.
The vulnerabilities, which were picked up and publicized by The New York Times and Wired, boiled down to two primary issues: "A large portion of video conferencing equipment is connected to the Internet without a firewall and is configured to automatically answer incoming video calls," the Rapid7 researchers wrote in a blog post. "This allows a remote intruder to monitor both audio and video information, often with little or no indication to the target."
So what can companies do to prevent such attacks?