The New York Times reported that boardroom and other cameras are often left open to outside viewers. The article profiles one security expert, HD Moore of Rapid7 in Boston, who “visited” dozens of conference rooms across the country, changing camera angles and zooming in on objects. Moore demonstrated that outsiders can view and eavesdrop on discussions in these rooms easily.
The vulnerability exists because now most videoconferencing runs on Internet protocol (IP) like many devices today. However, some installers are adding this technology outside the firewall in the mistaken belief that these technologies aren’t as vulnerable to malicious users.
The news comes at a time when a greater number of devices, including control and automation are being attached to the network. The article describes how the U.S. Chamber of Commerce discovered that a printer and a thermostat were communicating with a Chinese Internet address.
The videoconferencing vulnerability arises out of the desire to make these systems push-button easy. “New systems are outfitted with a feature that automatically accepts inbound calls so users do not have to press an “accept” button every time someone dials into their videoconference,” the article states.
While the extent and number of organizations experiencing this vulnerability is debatable, this is something any A/V specialist should think about when installing these systems.