Video conferencing systems as a spy tool

Several video conferencing systems are unprotected over the Internet to reach, such as the security expert HD Moore during a three-month investigation has found . Moore has scanned about three percent of all IP addresses and discovered 250,000 systems, which used the video conferencing systems used by H.323 protocol. Of these, nearly 5000 configured to accept incoming calls automatically – especially equipment manufacturer Polycom , which delivers most of the models according to the report remains with activated auto-acceptance.

Security expert got an insight into many boardrooms, law firms and offices of venture capitalists and research institutes. A godsend for industrial spies. He got offered a remarkable sound and picture quality. In many cases he could control the cameras remotely to zoom around a password on a list of six meters away is close enough to read it can. It also managed the experts to reconstruct passwords entered by the films of the keyboard (shoulder surfing).

According to the experts, many firewalls have problems with the H.323 protocol, which is why the admins video conferencing systems simply assign an externally accessible IP. Many of the systems are not adequately prepared for this situation, Web interfaces, telnet access, and secured more bad service.
Through the web interfaces poorly secured conferencing Moore is succeeded by its own account even on the fact sufficiently protected systems from other companies continue to shimmy: According to the report, companies configure their conferencing systems often so that they accept calls from certain remote sites automatically. Moore has a poorly secured system called from more remote sites, from the familiar to the system he used. The IPs of the remote sites he found in the address, which is part of the web interface.

Moore expects that the situation is in the reachable via ISDN systems even more dramatic: “My gut feeling tells me that for any system vulnerable can be accessed via the Internet, are twenty others that are available under an obscure ISDN number which has long since forgotten the IT department, “says the expert. Admins can H.323 systems in their networks around the Metasploit module h323_version track.