Your videoconference system may be a backdoor for hackers

Business Team at a Video Conference

Would they be smiling if they knew a hacker was watching? (iStockphoto)

IT security researchers have found vulnerabilities in video conferencing systems at thousands of top-level corporations that may enable a hacker to spy on the boardroom.

Rapid7, based in Boston, Massachusetts, in America, demonstrated the security flaw to a reporter from the New York Times, hacking into boardrooms, viewing video images and even taking control of the pan-tilt-zoom functions.

Exploiting this vulnerability, the hacker could easily read confidential reports and eavesdrop on conversations.

HD Moore, chief security officer at Rapid7, found he could gain access to several top venture capital and law firms, pharmaceutical and oil companies and even courtrooms. He even found a way into Goldman Sachs’ boardroom.

The problem has developed as video conferencing technology has migrated to the internet. Rapid7 says that the problem occurs when the IT department installs these systems outside the corporate firewall. The correct procedure is complex and often skipped, Moore said.

Many systems are set to answer incoming calls automatically so a user doesn’t even have to press OK to initiate the call.

While the story has spread quickly on the internet, some commentators have dismissed it, claiming that the concerns it raises are overblown.

The videoconferencing industry has had security in mind since its inception, and some of the keenest adopters of the technology have included banks and military organisations. According to Telepresence Options magazine, critical systems are always positioned behind firewalls.

And it’s immediately obvious if someone is “dialling” into the system as they are generally designed to ring loudly and turn on the monitors if anyone calls, so it’s highly unlikely that anyone could be caught unawares by a hacker.

Links
New York Times 
How to defend your boardroom against “videoconferencing hackers” and other mythical creatures

 
