Videoconferencing Is Opportunity for Law Firm Hackers; Techie Demonstrates Vulnerability
Posted Jan 23, 2012 8:00 AM CST
By Debra Cassens Weiss
A technology security firm has managed to hack into law firms, courtrooms and corporations through their videoconferencing equipment.
HD Moore, a chief security officer at Rapid7, demonstrated his hacking abilities for the New York Times. “With such equipment,” the Times says, “the hacker could have easily eavesdropped on privileged attorney-client conversations or read trade secrets on a report lying on the conference room table." The demonstration, however, produced only images of vacant conference rooms.
According to Rapid7, Internet protocol videoconferencing systems set up outside firewalls may be vulnerable to hackers. The equipment can be accessed through a feature that allows callers to dial in without the need for a moderator to press an “accept” button.
Moore was able to find systems outside the firewall through a computer program he wrote, the story says. In less than two hours, he had scanned 3 percent of the Internet and found 5,000 unprotected systems, including law firm conference rooms and an inmate meeting room at a prison.
In one instance, Moore accessed a law firm directory and found an entry for “Goldman Sachs Board Room,” which could allow him to access Goldman Sachs even though it is protected by a firewall.