HD Moore and Mike Tuchen of Rapid7 discovered that they could remotely infiltrate conference rooms in some of the top venture capital and law firms across the country, as well as pharmaceutical and oil companies and even the boardroom of Goldman Sachs — all by simply calling in to unsecured videoconferencing systems that they found by doing a scan of the internet.
“These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them,” Moore told the New York Times.
Moore found he was able to listen in on meetings, remotely steer a camera around a room, and zoom in closely enough to discern paint flecks on a wall or read proprietary information on documents.
Although the most expensive systems offer encryption, password protection and the ability to lock down the movement of cameras, the researchers found that administrators were setting them up outside firewalls and failing to configure the security features that keep out intruders. Some systems, for example, were set up to automatically accept inbound calls so that users didn't need to press an "accept" button when a caller dialed into a videoconference, opening the way for anyone to call in and eavesdrop on a meeting.
Using a program that Moore wrote, the researchers found the conference rooms by scanning the internet for videoconferencing systems that were set up outside firewalls and configured to automatically answer calls.
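The scan described above, reduced to the part a defender can run against their own endpoints, as an added example that is not Moore's program or any Rapid7 code: it checks whether each endpoint's call-signalling port completes a TCP handshake from the scanner's vantage point (if it does from the public internet, the system is "outside the firewall" in the article's sense) and cross-references an inventory of which endpoints are configured to auto-answer. It assumes H.323 call signalling on TCP 1720, which the page does not name; the loopback listener standing in for an exposed endpoint, the inventory and the target list are constructed for the demo. Actually placing a call to confirm auto-answer is not attempted.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Assumption (not stated on the page): H.323 call signalling listens on TCP 1720,
# which is the port a scan for videoconferencing endpoints would probe.
H323_SIGNALLING_PORT = 1720


def is_reachable(host, port=H323_SIGNALLING_PORT, timeout=2.0):
    """Return True if a TCP handshake to host:port completes.

    A completed handshake from an outside vantage point means the endpoint's
    signalling port is exposed. Whether it then auto-answers is a separate
    check that requires placing a call, which this example does not do.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(targets, timeout=2.0, workers=32):
    """Check many (host, port) pairs concurrently; return {(host, port): bool}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda t: (t, is_reachable(t[0], t[1], timeout)), targets))


def report(results, auto_answer):
    """Triage findings.

    auto_answer maps (host, port) -> bool and comes from the endpoint inventory
    (constructed in this demo). Reachable plus auto-answer is the combination
    the article describes: anyone who can dial in joins the call silently.
    """
    verdicts = {}
    for target, exposed in results.items():
        if exposed and auto_answer.get(target, False):
            verdicts[target] = "CRITICAL: signalling port reachable and endpoint auto-answers"
        elif exposed:
            verdicts[target] = "WARN: signalling port reachable"
        else:
            verdicts[target] = "ok: not reachable"
    return verdicts


def start_fake_endpoint():
    """Constructed stand-in for an exposed endpoint: a loopback TCP listener that
    accepts and immediately closes connections (it speaks no H.323).
    Returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def unused_port():
    """A loopback port with no listener, standing in for an endpoint that is not
    reachable. Loopback refuses the connection outright rather than silently
    dropping it, so the check returns at once instead of waiting for the timeout."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Run the check against one exposed and one unreachable loopback target."""
    exposed = ("127.0.0.1", start_fake_endpoint())
    hidden = ("127.0.0.1", unused_port())
    results = scan([exposed, hidden], timeout=1.0)
    inventory = {exposed: True, hidden: True}  # constructed: both set to auto-answer
    return report(results, inventory)


if __name__ == "__main__":
    for target, verdict in demo().items():
        print(f"{target[0]}:{target[1]} -> {verdict}")
```

Against real endpoints the check has to be run from outside the perimeter (a cloud host or a colleague's home connection), since from inside the network every endpoint is reachable and the result says nothing about firewall exposure. A "WARN" on an endpoint that does not auto-answer still matters: an exposed signalling port is a place to attack the device itself, not only the call.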
In less than two hours, they found systems installed in 5,000 conference rooms around the country, including an attorney-inmate meeting room at a prison, an operating room at a university medical center, and a venture capital company where prospects were pitching their companies while laying out their financial details on a screen in the room.
Companies sometimes set up their systems outside firewalls so that other companies can easily call into the videoconferencing system without the more complex, but safer, configurations that would otherwise be needed.
But as a result, Moore found not only that he could easily hijack systems, but also that he could reach systems he otherwise couldn't find through an internet scan. For example, after gaining access to one law firm's system, he was able to open its address book and see dialing information for conference rooms at other companies, including ones behind firewalls. That's how he found the Goldman Sachs boardroom.
It’s unclear whether it’s actually illegal under anti-hacking laws to call into an unsecured conference line that doesn’t require a password, but Moore said he refrained from calling the Goldman Sachs boardroom out of fear he might be “crossing a line.”
Photo: Fatty Tuna/Flickr