Slashdot Mirror


Corporate Boardrooms Open To Eavesdropping

cweditor writes "One afternoon this month, a hacker toured a dozen corporate conference rooms via equipment that most every company has in those rooms: videoconferencing. Rapid7 says they could 'easily read a six-digit password from a sticky note over 20 feet away from the camera' and 'clearly hear conversations down the hallway from the video conferencing system.' With some systems, they could even capture keystrokes being typed in the room. Teleconferencing vendors defended their security, saying the auto-answer feature that left those systems vulnerable was an effort to strike the right balance between security and usability."

5 of 120 comments

  1. Insider trading by stevegee58 · Score: 5, Insightful

    If I were looking to do insider trading I wouldn't be bored at all.

  2. this is hilarious by poetmatt · Score: 5, Insightful

    Saying that you're not going to find anything is a hilarious misdirect of the fact that the vulnerability has existed for a long time and still does.

    Saying "oh they won't find anything" is still not an answer to "but we left the door wide open".

  3. Re:Does this actually work in real life? by Spectre · Score: 5, Insightful

    My experience with those VTC devices is that when they're off, they make efforts to show that they are indeed off, and conversely when someone connects they do stuff like swivel the camera around, turn on lights, etc... It may be possible to do that without someone noticing, but it seems more likely that you're going to get a whole lot of attention from some high power folks.

    Since the company I work at does consulting for C-suite people at a lot of different organizations, I'm pretty sure I have observed enough people to cross the line from anecdotal experience to enough data to form a hypothesis (somebody should test it).

    The "higher ups" don't understand technology, even as simple as videoconferencing equipment with a remote that is simpler than a typical cable-TV remote.

    When they want to use a video conference, they get somebody from "IT" to come in, click the three buttons that make it hook up, then do their conference, and leave the room, still leaving the conference running because they don't know what the "hang-up" button does.

    It isn't that they are idiots, it is just that they don't care, they have "people who handle that stuff" so they don't have to.

    So, if the camera comes on, swivels around, auto-focuses, red lights come on, they ignore it, because they don't perceive it as "something I need to concern myself with".

    --
    "Flame away, I wear asbestos underwear"

  4. Re:You're going to be disappointed...and bored by Anne_Nonymous · Score: 5, Funny

    >> All you need is a Corporate to English translator, and you'll get all the incriminating evidence you need.

    margin control programs = cheat the customer
    continued price symmetry = cheat the customer
    expanded target demographics = cheat the customer
    synergistic empowerment = cheat the customer
    organic growth paradigm = cheat the customer
    proactive globalization = cheat the customer around the world
    win-win mindshare bandwidth = cheat the customer
    granular rightsizing = cheat the customer
    golden parachute = thanks for cheating the customer

  5. Re:Does this actually work in real life? by Medievalist · Score: 5, Funny

    You probably could wire a whole fucking Christmas tree lighting to the system and they still would be hard-pressed to notice something happening when it is turned on.

    I actually did mount a piece of pegboard in an equipment rack with a smoked glass door and put Christmas lights in the holes. I used the kind of lights that have a controller box for running patterns, and set it on "random", and left it running for about five years.

    People with suits and ties would just stare at that thing in awe. My boss used to do her dog'n'pony shows standing in front of it.