Posted by: Michael Tidmarsh
Rapid 7, Videoconferencing
With one simple call, the CSO of Rapid7, HD Moore, could see into the boardrooms of law firms, pharmaceutical and oil companies, and even Goldman Sachs.
After exploring only 3% of the Internet, Moore and Mike Tuchen found over 5,000 unsecured video conferencing systems that were not placed behind their organizations’ firewalls. The result: anyone in the world could watch and listen in on their meetings.
In an interview with The New York Times, Moore explains why video conferencing security is extremely important. “These are literally some of the world’s most important boardrooms - this is where their most critical meetings take place - and there could be silent attendees in all of them,” he said.
Why would companies set up their video conferencing this way? Moore explains that it makes it easier to include other companies in conference calls, but it comes at the cost of their security.
Imagine a multinational corporation holding a board meeting about its projected revenue or future deals while its competitors watch without anyone noticing.
Moore explains how easy it was to break into several video conferencing systems. “Any machine that accepted a call was set to autoanswer. It was fairly easy to figure out who was vulnerable, because if they weren’t vulnerable, then they would not have picked up the call,” Moore said.
This can become a troubling problem for companies if it’s not settled quickly and quietly. Tuchen believes the safest way to secure calls is to install a ‘gatekeeper’ that connects calls outside the firewall. However, the process takes time and is usually skipped.
If these two men could successfully hack into thousands of video conferencing systems, one has to wonder what some of the world’s greatest hackers could do.
“Any reasonably computer literate 6-year-old can try this at home,” Tuchen said.
Now companies have to ask themselves: security over access?
Michael Tidmarsh is the Assistant Community Editor at ITKnowledgeExchange.com. He can be reached at firstname.lastname@example.org