Corporate Boardrooms Open To Eavesdropping 120
Posted
by
Unknown Lamer
from the it's-a-feature-i-tell-ya dept.
from the it's-a-feature-i-tell-ya dept.
cweditor writes "One afternoon this month, a hacker toured a dozen corporate conference rooms via equipment that most every company has in those rooms: videoconferencing. Rapid7 says they could 'easily read a six-digit password from a sticky note over 20 feet away from the camera' and 'clearly hear conversations down the hallway from the video conferencing system.' With some systems, they could even capture keystrokes being typed in the room. Teleconferencing vendors defended their security, saying the auto-answer feature that left those system vulnerable was an effort to strike the right balance between security and usability."
So? (Score:5, Informative)
Not really that new. Most telephone systems allow it too.
The Samsung OfficeServ I have, I'm pretty sure I read in the manual about a "silent auto-answer pickup" you can do to a remote phone to tap into the speakerphone and hear anything said in the room WITHOUT indication of what you're doing on the target phone. All you need is the right passcode (which is easy if you're the IT guy) and the phone extension and you can hear whatever is said in the that room.
Given that phones are much more prevalent, much less prominent, and much more unexpected to be "hacked", I think you'd always have had greater success that way. And modern telecoms is all managed on the LAN and sometimes even remotely, so it's just as at risk as anything else.
The number one rule, of course, is don't let third-parties have access to your network, and don't have those sorts of "features" turned on.
Re:Why video conference? (Score:2, Informative)
I'm sure a social scientist could phrase it better, but the reason for video conference is simply one of channels of information.
As humans, our interpersonal interactions are colored by scads of non-verbal dialog, with facial expressions and posture being significant factors. There's even been studies that people tend to think differently based on what they're wearing (work-from-home-in-pajamas-and-robe being less effective than work-from-home-in-a-suit), much less how other people react to them and choose their dialog. So video helps us communicate more effectively.
As a less theoretical example, I've been part of many remote-caller meetings, where it's obvious on ~my~ end that someone didn't understand an issue, you could tell that just looking at them. The problem is, how can someone on a phone know that? How can they tell that 10-20% of your audience is confused and you need to reiterate a point when none of them individually will speak up?