Renowned researcher and Metasploit creator HD Moore late last year scanned a snapshot of addressable Internet space in search of high-end videoconferencing systems that might be found in corporate boardrooms. What he found was unnerving: a quarter of a million systems that spoke H.323, the protocol used by videoconferencing systems.
He then used a Metasploit module to call up each server and to connect for just enough time to get the public-handshake packets before disconnecting. "Any machine that accepted a call was set to auto-answer," Moore says. "It was fairly easy to figure out who was vulnerable because if they weren't vulnerable, then they would not have picked up the call."
Moore and Rapid 7 CEO Mike Tuchen were then able to pinpoint some 5,000 videoconferencing systems that auto-answered the calls. That means those systems could be abused by an external hacker who could surreptitiously join the videoconference, record video, and read email from a laptop screen of one of the attendees -- something Rapid 7 simulated in its lab.
"What made this interesting is that you are only going to find places that can afford $25,000 videoconferencing systems, so it's a pretty self-selecting set of targets," Moore says.
Moore and his fellow researchers found mostly Polycom videoconferencing systems, most of which ship with auto-answer on by default.
[Evil insulin pumps and laptop batteries, war texting, and a 'tween' hacker captured our imagination -- and our attention. See The 7 Coolest Hacks Of 2011.]
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.