Cameras May Open Up the Board Room to Hackers
Nicole Pelosi.
San Francisco - One afternoon this month, a hacker visited more than a dozen conference rooms around the world through equipment that most companies have in these meeting rooms: video conferencing equipment.
With the move of a mouse, he steered the camera around each room, occasionally zooming in with such precision that he could discern the grooves in the wood and the paint spots on the wall.
In one room, he zoomed out through a window, across a parking lot and into a bush 50 yards away, where a small animal could be seen burrowing beneath it.
With such a device, hackers can easily eavesdrop on privileged lawyer-client conversations or read trade secrets on a report lying on the meeting room table.
In this case, the hacker was HD Moore, chief security officer at Rapid7, a Boston-based company that looks for security holes in computer systems used in equipment such as toaster ovens and Mars landing equipment.
His latest finding is that video conferencing devices are often vulnerable to hacking.
Businesses spend billions of dollars each year to strengthen the security of computer systems and employee laptops.
They worry about confidential information that employees send to Gmail and Dropbox accounts and store on iPads and smartphones.
However, they rarely consider that anyone can easily enter the video conference room where they openly discuss their most closely guarded business secrets.
Mr. Moore found it easy to enter several of the country's top venture capital and law firms, pharmaceutical and oil companies, and courts.
He even found a way into the Goldman Sachs board room.
"The entrance bar has fallen to the floor," said Mike Tuchen, CEO of Rapid7.
"These are the most important boards in the world -- their most important meeting was held here. All participants may be silent."
Ten years ago, video conferencing systems were complex and unstable, and they ran over expensive, closed, high-speed telephone lines.
Over the past decade, video conferencing, like everything else, migrated to the Internet.
Now, most companies use Internet Protocol video conferencing, a souped-up version of Skype, to keep in touch with colleagues and clients.
Most of these new systems are designed with visual and auditory clarity, not security, in mind.
Rapid7 found that thousands of businesses were investing in top-tier, high-quality video conferencing equipment but deploying it on the cheap.
According to Wainhouse Research, companies spent about $0.693 billion on group video conferencing from July to September last year.
The most popular products, sold by Polycom and Cisco, cost as much as $25,000 and feature encryption, HD video capture and audio that can pick up the sound of a door opening 300 feet away.
But administrators are setting them up outside the firewall and configuring them with a false sense of security that hackers can use against them.
Whether real hackers are exploiting this vulnerability is unknown; no company has been hacked. (One would not know; in any case, most would not know.)
However, video conferencing systems are everywhere, making them an easy target.
This is certainly not the first time a hacker has taken advantage of a vulnerability in office hardware.
After the security breach at the US Chamber of Commerce last year, the Chamber found that its office printer, and even a thermostat in the Chamber, had been communicating with Internet addresses in China.
But with video conferencing, companies seem to have gone out of their way to make themselves vulnerable.
In many cases, they not only put their systems on the Internet, but also set them up in a way that lets anyone enter unnoticed.
New systems come equipped with a feature that automatically accepts incoming calls, so users do not have to press the Accept button every time someone dials into a video conference.
The effect is that anyone can dial into the room and look around; the only sign of their presence is a small light on the console unit or a silent swing of the camera.
Two months ago, Mr. Moore wrote a computer program that scanned the Internet for video conferencing systems that were outside the firewall and configured to answer calls automatically.
In less than two hours, he had scanned 3% of the Internet.
In that sliver, he found 5,000 wide-open meeting rooms at law firms, pharmaceutical companies, refineries, universities and medical centers.
He stumbled upon a lawyer-inmate meeting room in a prison, an operating room at a university medical center, and a venture capital pitch meeting where a company's financial status was shown on the screen.
Among the vendors that appeared in Mr. Moore's scans were Polycom, Cisco, LifeSize, Sony and others.
Of those, Polycom, which leads the video conferencing market in units sold, was the only manufacturer to ship its equipment, from its low-end ViewStation models to its high-end HDX products, with the auto-answer feature enabled by default.
In an e-mail, Polycom spokesman Sean Danas said the auto-answer feature has several security elements built into it that can be activated by customers, including password protection, automatic
In addition, Polycom provides a camera lens cover.
"The security level is designed to make it easy for our customers to achieve the security that suits their business," he said.
The Polycom video conferencing systems that appeared in Mr. Moore's scan had no controls in place to block control of the camera, require a password or mute the sound.
"Many Polycom systems are sold, installed and maintained without any access to security levels and have automatic answer enabled by default," Mr. Moore says.
"It boils down to whether the organization is aware of the risks, and our research shows that many organizations, even venture capital companies, are not aware of or have not implemented even the most basic security measures."
Mr. Tuchen of Rapid7 said that, as a shortcut, enterprises put their video conferencing systems outside the firewall so that they can receive calls from other companies without any complicated network configuration.
A safer way to receive calls from other companies, Mr. Tuchen said, is to install a "gatekeeper" to securely connect calls from outside the firewall.
But, he says, the process is "very complicated to configure correctly" and is "often skipped."
Ira M. Weinstein, a senior analyst at Wainhouse Research, a market research firm specializing in media conferences, disagrees with the claim that most companies place their systems outside the firewall.
"Companies that really need to worry about violations -- Department of Defense, banks -- put their systems behind the firewall," Mr. Weinstein said.
"This does not mean that there are no exceptions. If you talk to an outside company, you need to decide whether you want to get it or are completely safe. I can never leave my house and be safe. But I want you to know this is the choice people make."
But in some cases, Mr. Moore found that he could jump from an open system to its address book and dial into the meeting rooms of other companies, even those companies that put their systems behind the firewall.
That was the case with Goldman Sachs.
The bank's meeting room did not appear in Mr. Moore's initial scan, but an entry called "Goldman Sachs board room" appeared in a law firm's video conference directory.
Mr. Moore, who did not give the firm's name, said he did not dial into Goldman because he was afraid of "crossing the line."
He said, "Anyone who knows a computer year-old can try this at home."
A version of this article was printed on page B1 of the New York edition on January 23, 2012, with the title: a conference held through a network called Risky.