By Jason Wilson
Continuing the trend of security lapses in law firms and corporate board rooms around the country, Threat Level reported on a NYT piece titled “Cameras May Open Up the Board Room To Hackers.”
Despite the fact that the most expensive systems offer encryption, password protection and the ability to lock down the movement of cameras, the researchers found that administrators were setting them up outside firewalls and failing to configure security features to keep out intruders. Some systems, for example, were set up to automatically accept inbound calls so that users didn’t need to press an “accept” button when a caller dialed into a videoconference, opening the way for anyone to call in and eavesdrop on a meeting.
Using a program that [HD] Moore [of Rapid7 security company] wrote, the researchers found [over 5,000] conference rooms [in two hours] by scanning the Internet for videoconference systems that were set up outside firewalls and configured to automatically answer calls.
*****
But as a result, Moore found not only that he could easily hijack systems, but he could also access systems that he otherwise couldn’t find through an internet scan. For example, after gaining access to one law firm’s system, he was able to open its address book and see dialing information for conference rooms at other companies, even if ones behind firewalls. That’s how he found the Goldman Sachs boardroom.
When was the last time you did a security review?
[Image (CC) by altemark]
You must log in to post a comment.