Is Your Polycom or Cisco Secure Against Eavesdroppers?

 width=

 photo creditjsmjr via Flickr

It sounds like something from a spy thriller:  A cyber hacker listens in on a board meeting through high tech remote control cameras that allow him or her to zoom in to capture images of confidential documents as the unsuspecting victims wrangle over several critical issues.  The problem is if you’re an organization or business with videoconferencing equipment in your boardroom, this scenario could easily happen to you according to the NY Times article “Cameras May Open Up The Boardroom To Hackers.”

 

Videoconferencing Convenience or Security?

It turns out that traditional H.323 systems like Polycom, Cisco, Logitech LifeSize, Sony, and others are

extremely hard to make both secure and convenient to use. For many businesses convenient videoconferencing has meant sacrificing security by putting their videoconferencing systems outside their firewall instead of doing extremely complex firewall configurations to let in only specific traffic.  It has also meant that these room systems are often set to automatically accept any incoming calls.  In fact, auto-accept is the default mode for Polycom systems whether high- or low-end.

This security hole was discovered by a chief security officer of Rapid7, a company whose bread and butter is to find security holes in computer systems. The CSO H.D. Moore, created a program to look for videoconferencing rooms outside of firewalls that were set to automatically answer calls.  After less than 2 hours of scanning Moore’s program found 5000 such unsecured conference rooms which automatically accepted his calls, allowing him to “break into” institutions from law firms to pharmaceuticals to universities to medical centers.  He even found that he could hack into secured systems, by looking them up and calling them from an unsecured room’s address book.

The VSee Take

For VSee users there is no question of security or convenience.  Unlike the Polycoms and Ciscos, VSee is designed to make videoconferencing both secure and convenient to use.  VSee’s built-in p2p NAT traversal means that a firewall does not have to be opened up very wide for VSee to work.  In fact, it isn’t necessary to open up any incoming UDP, but only outgoing UDP.  Furthermore VSee’s auto-accept feature is set up to be selective so you can choose which usernames will be automatically accepted rather than auto-accepting calls from random users.

Read More

 

Follow us on Twitter (@VSee) and Like us on Facebook to hear about the latest from VSee!

 

Comments ( 2 )
  • anne
    Annie White says:

    The feature Vsee has auto-acception feature that is set up to be selective so that we can choose which usernames will be automatically accepted rather than auto-accepting calls from random users is really intersting..

  • anne
    anne says:

    Thanks, Annie! We take security very seriously at VSee. When people have set VSee to auto-accept any call, it’s usually for demo and test accounts, so customers can test out their VSee setup ahead of time. People can also set up auto-accept in a way so that the call automatically displays an instructional message and a muted (grayed-out) video window.

The comments are now closed.