The New York Times is reporting that Rapid7 researchers have discovered that they could remotely infiltrate conference rooms in some of the top venture capital, law firms, pharmaceutical and oil companies across North America by simply calling in to unsecured videoconferencing systems found by scanning the internet.
Moore found he was able to listen in on meetings, remotely steer a camera, and zoom in on items in the room to read proprietary information on documents. Most expensive videoconferencing systems offer encryption, password protection and camera lock down capabiilties, but they found that administrators were setting them up outside of firewalls for convenience, and not properly configuring security features. Some systems were set up to automatically accept inbound calls, opening the way for anyone to call in and eavesdrop on a meeting.
“These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them.”
Time to review your video and conference call setups, folks. It would be terrible to find out that privileged client or finiancial information was so easily obtainable AFTER the fact!