Videoconferencing has become a ubiquitous feature in our daily lives, accessible from our phones, tablets and computers. In business, it’s an invaluable tool that helps companies communicate from afar, get deals done and helps save money and time in the process. Videoconferencing is such a popular method of communicating that many businesses don’t even consider the inherent vulnerabilities in their services.
For instance, when shopping for a videoconferencing provider, many companies tend to overlook security functions and instead focus on features like the ability to deliver HD video and audio. And that’s where problems can arise. In 2012, HD Moore, a chief security officer at security firm Rapid7, easily gained access to videoconferencing systems at large venture capital firms, pharmaceutical companies, universities and even courtrooms. With little effort, Moore was not only able to hear what was going on in the boardrooms but could even control the cameras the companies relied on for videoconferencing. “These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them,” Moore told The New York Times.
Why hack a videoconferencing system
There’s no shortage of reasons why a hacker might want to remotely gain access to a videoconferencing system. Imagine a scenario where one of your company’s competitors hires a hacker to break into your system and spy on your business. Immediately, every internal meeting, customer pitch, strategy, trade secret or informal discussion in the room where the videoconferencing software is located — sometimes whether or not the equipment is even powered on — is passed straight through to your rival.
Even if the hacker weren’t working on behalf of a competitor, should that person gather enough information on their own about your company, the hacker could either sell it, use it for blackmail purposes or just release it straight onto the Internet to damage your company’s reputation.
It’s not exactly a secret in the hacker community that videoconferencing systems are easy targets, either. A hacker conference in 2013, for instance, featured a demonstration showcasing how to remotely compromise all variants of the popular Polycom HDX systems. The hacker that ran the presentation, Moritz Jodeit, told Computerworld that he initially started his research to see how easy it would be to break into videoconferencing systems and use them for surveillance purposes.
“Once compromised, then you can basically do anything on the device,” Jodeit told Computerworld. “This of course includes recording or modifying the data of ongoing video conferences taking place over the compromised device.”
Luckily, there are plenty of precautions businesses can take to avoid this type of eavesdropping.
How your business can help protect itself
If a business wants to get serious about its videoconferencing strategy, it should begin by creating an initial, internal usage policy. This should cover everything from who can use videoconferencing, when, how and what kind of topics can be discussed during sessions. Among other things, consider making it mandatory to disconnect or cover videoconferencing cameras when not in use.
To help enhance security for your company’s videoconferencing solutions, choose a secure videoconferencing provider that has ISO certification, secure connections, boasts end-to-end encryption, online passwords for each user, and more. And remember, those types of security features should not come at any expense to the overall videoconferencing experience. A quality videoconferencing solution should still be able to offer your business state-of-the-art security, without sacrificing things like HD video, crystal-clear audio, simple UI, call recording, and beyond.
Another good idea would be to make sure your videoconferencing system is installed by an experienced professional that can maximize security performance. In the case of some of the companies Moore hacked, for instance, the videoconferencing provider’s security may have been state of the art; but some of the systems were set up outside their firewall with the belief they wouldn’t become targets, which was obviously a mistake.
Videoconferencing security might not seem like a top priority for many businesses today, but there are more than enough reasons why it should be. As with many things, it’s up to each individual company to make the initial effort or else face the unintended consequences.
Courtney Behrens is senior marketing manager – Web solutions and services at Brother. She is a cloud marketing leader who specializes in collaboration technologies and solutions-based marketing strategy.