Rapid7’s Chief Security Officer HD Moore conducted a small experiment to show exactly which devices are vulnerable and how they could be taken over.
After scanning only 3% of the IP addresses supporting the H.323 protocol, the one utilized by video conferencing systems, Moore found 250,000, out of which 5,000 were set to automatically receive incoming calls.
The expert estimates that around 150,000 video conference systems are affected by the security weakness, and the worst part is that even cheap ones have the necessary performance to allow someone to read a password written on a piece of paper 20 feet away from the camera.
Polycom, one of the leading suppliers of video conferencing equipment, highlights the security risks of the auto-answer option, yet all of its products ship with the feature enabled by default.
Sony and other vendors don’t follow this practice, which is probably for the best, since few users will take the time to make sure their devices are properly configured and secured, let alone read the manual.
Firewalls could mitigate attacks, but since most of them can’t handle the H.323 protocol, devices that are assigned a public address end up exposed.
Insecure web interfaces on the equipment in question may also pose a problem.
“The web interfaces on video conferencing devices can often be used to initiate outbound calls to other parties. In some cases, the remote party may have adequately secured their system, but added an allowance for a particular device or organization,” Moore said.
“The ability to initiate calls on these devices can bypass the security of a third-party system in this manner.”
Telepresence believes that the issue is not as serious as Rapid7 claims, but the research clearly shows that the flaws exist, even if they can only be exploited in certain situations.