photo credit: jsmjr via Flickr
It sounds like something from a spy thriller: a cyber hacker listens in on a board meeting through high-tech, remote-controlled cameras that let him or her zoom in and capture images of confidential documents while the unsuspecting victims wrangle over several critical issues. The problem is that if you’re an organization or business with videoconferencing equipment in your boardroom, this scenario could easily happen to you, according to the NY Times article “Cameras May Open Up The Boardroom To Hackers.”
Videoconferencing Convenience or Security?
It turns out that traditional H.323 systems like Polycom, Cisco, Logitech LifeSize, Sony, and others are extremely hard to make both secure and convenient to use. For many businesses, convenient videoconferencing has meant sacrificing security by putting their videoconferencing systems outside their firewall instead of doing extremely complex firewall configurations to let in only specific traffic. It has also meant that these room systems are often set to automatically accept any incoming call. In fact, auto-accept is the default mode for Polycom systems, whether high- or low-end.
This security hole was discovered by the chief security officer of Rapid7, a company whose bread and butter is finding security holes in computer systems. The CSO, H.D. Moore, created a program to look for videoconferencing rooms outside of firewalls that were set to automatically answer calls. After less than 2 hours of scanning, Moore’s program found 5000 such unsecured conference rooms, which automatically accepted his calls, allowing him to “break into” institutions from law firms to pharmaceuticals to universities to medical centers. He even found that he could hack into secured systems by looking them up in an unsecured room’s address book and calling them from there.
The VSee Take
For VSee users, there is no need to choose between security and convenience. Unlike the Polycoms and Ciscos, VSee is designed to make videoconferencing both secure and convenient to use. VSee’s built-in p2p NAT traversal means that a firewall does not have to be opened up very wide for VSee to work. In fact, it isn’t necessary to open up any incoming UDP, only outgoing UDP. Furthermore, VSee’s auto-accept feature is selective: you choose which usernames will be automatically accepted rather than auto-accepting calls from random users.
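The two setups contrasted in this post (a room system outside the firewall that auto-accepts any call, versus outbound-only UDP with selective auto-accept) can be modelled in a few lines. This is an added example, not VSee's or any vendor's code: the class names, addresses and usernames are constructed, and the firewall model ignores NAT address rewriting and flow timeouts.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class StatefulFirewall:
    """Allows all outbound UDP; admits inbound UDP only as a reply to a tracked flow."""
    flows: set = field(default_factory=set)

    def outbound(self, src, dst):
        self.flows.add((src, dst))       # remember the inside -> outside flow
        return True

    def inbound(self, src, dst):
        return (dst, src) in self.flows  # must mirror a flow opened from inside

@dataclass
class Endpoint:
    addr: tuple                                   # (ip, port), constructed values
    auto_accept: object = "any"                   # "any" or a set of usernames
    firewall: Optional[StatefulFirewall] = None   # None = unit outside the firewall

    def incoming_call(self, caller, src):
        if self.firewall is not None and not self.firewall.inbound(src, self.addr):
            return "dropped-by-firewall"
        if self.auto_accept == "any" or caller in self.auto_accept:
            return "auto-answered"
        return "not-auto-answered"

STRANGER = ("203.0.113.50", 40000)  # documentation-range addresses
PEER = ("198.51.100.7", 41000)

def scenarios():
    results = {}
    # Weak setup: outside the firewall, auto-accepting any caller.
    exposed = Endpoint(("192.0.2.10", 5000))
    results["exposed"] = exposed.incoming_call("unknown", STRANGER)
    # Hardened setup: outbound-only UDP plus a username allowlist.
    fw = StatefulFirewall()
    guarded = Endpoint(("10.0.0.5", 5000), auto_accept={"alice"}, firewall=fw)
    results["unsolicited"] = guarded.incoming_call("alice", STRANGER)
    fw.outbound(guarded.addr, PEER)  # the endpoint itself opens the flow
    results["listed_user"] = guarded.incoming_call("alice", PEER)
    results["unlisted_user"] = guarded.incoming_call("mallory", PEER)
    return results

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:14} -> {outcome}")
```
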
- Vidyo’s analysis of the NY Times article stirring up so much talk – Security: Not All Video Conferencing Platforms Are Created Equal
- Post with a short video from Mashable – Most Video Conferencing Systems Are Vulnerable To Hackers [VIDEO]
- The requisite opposition post discussing why this security issue is blown out of proportion – How to Defend Your Boardroom Against “Videoconferencing Hackers” and Other Mythical Creatures