Flaws in Videoconferencing Systems Make Boardrooms Vulnerable (original) (raw)
Technology|Cameras May Open Up the Board Room to Hackers
Advertisement
You have a preview view of this article while we are checking your access. When we have confirmed access, the full article content will load.
Cameras May Open Up the Board Room to Hackers
Mike Tuchen, left, and HD Moore of Rapid7 were able to gain access to company boardrooms with videoconferencing equipment.Credit...Gretchen Ertl for The New York Times
- Jan. 22, 2012
SAN FRANCISCO — One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms; videoconferencing equipment.
With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall. In one room, he zoomed out through a window, across a parking lot and into shrubbery some 50 yards away where a small animal could be seen burrowing underneath a bush. With such equipment, the hacker could have easily eavesdropped on privileged attorney-client conversations or read trade secrets on a report lying on the conference room table.
In this case, the hacker was HD Moore, a chief security officer at Rapid7, a Boston based company that looks for security holes in computer systems that are used in devices like toaster ovens and Mars landing equipment. His latest find: videoconferencing equipment is often left vulnerable to hackers.
Businesses collectively spend billions of dollars each year beefing up security on their computer systems and employee laptops. They agonize over the confidential information that employees send to their Gmail and Dropbox accounts and store on their iPads and smartphones. But rarely do they give much thought to the ease with which anyone can penetrate a videoconference room where their most guarded trade secrets are openly discussed.
Mr. Moore has found it easy to get into several top venture capital and law firms, pharmaceutical and oil companies and courtrooms across the country. He even found a path into the Goldman Sachs boardroom. “The entry bar has fallen to the floor,” said Mike Tuchen, chief executive of Rapid7. “These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them.”
Ten years ago, videoconferencing systems were complicated and erratic, and ran on expensive, closed high-speed phone lines. Over the last decade, videoconferencing — like everything else — migrated to the Internet. Now, most businesses use Internet protocol videoconferencing — a souped-up version of Skype — to connect with colleagues and customers. Most of these new systems were designed with visual and audio clarity — not security — in mind.
Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.
Thank you for your patience while we verify access.
Already a subscriber? Log in.
Want all of The Times? Subscribe.
Advertisement