Opinion Securing audio and video conferencing against data breaches

Published August 25 2017, 6:30am EDT

Imagine hosting a global teleconference with potential investors looking for a reason to throw some cash your way. You explain your vision for a new product destined to disrupt your industry and bring a new level of convenience to the world.

The investors are impressed by your business plan and projected growth. At the end of your presentation, all investors are on board and want to know how they can get involved.

A couple weeks later, you receive a large chunk of seed capital and begin expanding your business. You hire a team of industry experts who seamlessly piece together your plan, taking special care to guard your trade secrets and intellectual property.

Just three months into building your empire, you see an infomercial and learn that your biggest competitor launched a product just like yours. If you didn’t know any better, you’d swear they ripped off your whole sales pitch and USP. How is that possible?

You look for reasons someone would have sold you out, but quickly realize that your video conferencing session was hijacked.

Video conferencing is a necessary tool for doing business, thanks to the rising number of remote employees. To meet consumer demand, the number of conferencing platforms is increasing, but they’re not all secure.

How are video conferencing sessions getting hijacked?

To test the security of conferencing platforms, HD Moore, chief security officer for Rapid7, easily hacked his way into a dozen conference rooms around the world, including a lawyer-inmate meeting and a medical university’s operating room. He could have entered a Goldman Sachs board room meeting, but chose not to.

He spent the next three months researching why so many video conferencing systems are easily hijacked. Moore analyzed 250,000 systems and found that about 5,000 were configured to accept incoming calls automatically – the root of the problem.

Moore commented on the extent of the problem, “There are an estimated 150,000 systems on the internet as a whole affected by this issue. This does not count the hundreds of thousands of video conferencing systems exposed on the internal networks of large corporations.”

The problem gets worse

A hijacked video conferencing session puts more than the content of your conference at risk.

While testing the security of video conferencing systems, Moore’s team was able to hijack a session and read a 6-digit password written on a sticky note 20 feet from the camera. Conversations could be heard from down the hall, and he was able to control the camera to view the keystrokes of users logging into their private accounts.

You may not know whether your conferencing system is configured to automatically accept incoming calls. If you want to protect your data, you should make sure that feature is turned off.

You can’t automatically trust the big brand names

Don’t be so quick to think you can trust big brand names in video conferencing software. Moore found security holes in software made by Polycom, Cisco, LifeSize, and even Sony.

To protect your company data from being hijacked, immediately turn off automatic call answering, regardless of what conferencing platform you use. Your best defense, however, is to use a platform with top-to-bottom security and the highest standards for encryption.
