A hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms; video-conferencing equipment. New systems can automatically accept inbound calls so users do not have to press an “accept’’ button. The effect is anyone can dial in and look around a room, and the only sign of their presence is a tiny light on a console unit, or the swing of a camera.
HD Moore (a chief security officer at Rapid 7) wrote a program that scanned the Internet for videoconference systems that were outside the firewall and configured to automatically answer calls. In less than two hours, he discovered 5,000 wide-open conference rooms.