Corporate Boardrooms Open To Eavesdropping

cweditor writes "One afternoon this month, a hacker toured a dozen corporate conference rooms via equipment that most every company has in those rooms: videoconferencing. Rapid7 says they could 'easily read a six-digit password from a sticky note over 20 feet away from the camera' and 'clearly hear conversations down the hallway from the video conferencing system.' With some systems, they could even capture keystrokes being typed in the room. Teleconferencing vendors defended their security, saying the auto-answer feature that left those system vulnerable was an effort to strike the right balance between security and usability."

So?

[ledow]

Not really that new. Most telephone systems allow it too.

The Samsung OfficeServ I have, I'm pretty sure I read in the manual about a "silent auto-answer pickup" you can do to a remote phone to tap into the speakerphone and hear anything said in the room WITHOUT indication of what you're doing on the target phone. All you need is the right passcode (which is easy if you're the IT guy) and the phone extension and you can hear whatever is said in the that room.

Given that phones are much more prevalent, much less prominent, and much more unexpected to be "hacked", I think you'd always have had greater success that way. And modern telecoms is all managed on the LAN and sometimes even remotely, so it's just as at risk as anything else.

The number one rule, of course, is don't let third-parties have access to your network, and don't have those sorts of "features" turned on.