27 Jan 2012

Video conferencing may be vulnerable to hackers

A report from HD Moore and Rapid7 says that video conferencing could have some internet security flaws that would allow hackers to "essentially gain a front-row seat inside corporate meetings."

"Any machine that accepted a call was set to autoanswer," Moore, a security researcher said, according to Dark Reading. "It was fairly easy to figure out who was vulnerable, because if they weren't vulnerable, then they would not have picked up the call."

Moore, the chief security officer for Rapid7, a vulnerability management firm, previously scanned 3 percent of addressable internet space looking for high-end videoconferencing systems. The scan took two hours and found servers with these systems and was able to connect with them long enough to be let in before the connection was dropped. He said it found places that could afford $25,000 video conferncing systems, which Moore said was a "self-selecting set of targets."

Polycom, a major teleconferencing vendor, told PCWorld that it recommends administrators disable auto-answer when deploying a system, as it can make them easy targets for internet security breaches when left on.