Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Hackers use videoconferencing cameras to spy on boardroom meetings

Rapid7 researchers show video vulnerability that manipulates video cameras

Article comments

Teleconferencing vendors say they're trying to strike the right balance between security and usability after security researchers found they could dial in to the conference lines of major companies and manipulate video cameras to spy on boardrooms.

HD Moore and Mike Tuchen revealed their research for security company Rapid7 on Monday, detailing how easily attackers can secretly spy on boardrooms where conferencing systems have been left open to receive calls from anyone by default.

The problem boils down to auto-answer, a feature in products from companies such as Cisco, LifeSize and Polycom that automatically connects incoming video or audio calls. Moore, who is chief security officer at Rapid7, wrote a program to scan for teleconferencing systems in which administrators left this feature enabled, a major security issue.

Moore's scan covered about 3% of the addressable internet and found 250,000 systems using the H.323 protocol, a specification for audio and video calls. Moore said he found more than 5,000 organisations had left auto-answer enabled in products from vendors including Polycom, Cisco, LifeSize and Sony. Overall, the findings mean up to 150,000 systems across the internet could be vulnerable, according to Rapid7.

Once inside a conference room, Rapid7 said that even cheap videoconferencing systems could allow a person to "read a six digit password from a sticky note over 20 feet away from the camera".

"In an otherwise quiet environment, it was possible to clearly hear conversations down the hallway from the video conferencing systems," Moore wrote. "A separate test confirmed the ability to monitor a user's keyboard and accurately capture their password, simply by aiming the camera and using a high level zoom."

But if all of the security features of the various teleconferencing systems were enabled, Moore "couldn't imagine anyone would use the product to make a phone call" due to the complexity.

Companies often set up the systems outside their corporate firewall to make it easier, but that poses security risks. Deploying the systems inside a firewall can be difficult, as teleconferencing systems can use up to 30 different protocols in order to set up a call, which means firewalls have to be adjusted in order to let the calls come through, Moore said.

Polycom, one of the major teleconferencing vendors, ships most of its products with auto-answer enabled by default, according to Rapid7.

Polycom said it recommends administrators disable auto-answer when deploying a system outside the firewall, and that most of its systems are deployed within the firewall and therefore operate in a secure environment. Customers prefer the auto-answer feature enabled to make it easy for IT to manage video systems remotely, the company said.

Cisco said it was not aware of any new software vulnerabilities in its TelePresence products. On the issue of auto-answer, Cisco said "the feature on all Cisco TelePresence products is set by the administrator of the network."

LifeSize, a division of Logitech, said it ships all of its products with auto-answer disabled by default. Secure deployment remains a challenge with video conferencing systems, and the company is committed to simplifying the process, it said.

LifeSize said it offers a client-server NAT traversal product called LifeSize Transit, which helps administrators set up conferencing behind the firewall with encryption. A cheaper option is LifeSize's Connections, which involves downloading a program to a computer. The cloud-based service allows for encrypted calling behind the firewall with a simplified setup process.

LifeSize is also doing more to try to educate its customers. On January 24 it launched the LifeSize Enablement Network, which is a series of short video training clips to educate its customers more about it products. That programme was in development well before Rapid7's findings were publicised, according to a LifeSize spokeswoman.

But Moore feels overall teleconferencing systems should be made easier to securely deploy since they "are not very well understood by the technical people," he said.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *