Subscribe RSSH.D. Moore and Mike Tuchen revealed their inquiry for security company Rapid7 on Monday, detailing how easily attackers can secretly spy on boardrooms where conferencing systems have been liberal open to receive calls from anyone by default.
The problem boils down to auto-answer, a feature in products from companies such as Cisco, LifeSize and Polycom that automatically connects entering video or audio calls. Moore, who is chief security officer at Rapid7, wrote a program to examine for teleconferencing systems in which administrators left this feature enabled, a major security issue.
Moore's pore over covered about 3 percent of the addressable internet and found 250,000 systems using the H.323 protocol, a specification for audio and video calls. Moore said he found more than 5,000 organizations had hand auto-answer enabled in products from vendors including Polycom, Cisco, LifeSize and Sony. Inclusive, the findings mean up to 150,000 systems across the internet could be vulnerable, according to Rapid7.
