The security flaws in standard webcams are well known, but one company has proved that even the best videoconferencing systems may simply lull companies into a false sense of security. Rapid7, a business that specializes in security testing, recently took a New York Times reporter on a tour of private offices across the country, hacking into high-end video systems to eavesdrop on rooms where lawyers, venture capitalists, pharmaceutical companies, and others meet with clients or discuss business decisions. Despite the encryption features advertised for some of these systems, videoconferencing is often set up outside firewalls with little security. Moreover, features meant to make conferencing easier — like a widely-used setting that automatically accepts incoming calls — can let an intruder listen in without even being announced.
Although there haven't been any confirmed cases of this weakness being used maliciously, an intrusion could be difficult to detect, and companies would have reason not to disclose it. During tests, many prominent companies (which weren't named by Rapid7) apparently failed to enable even basic security features, and those that did weren't necessarily safe. Goldman Sachs, for example, put its system behind a firewall, but showed up in the directory of a law firm with weaker security, potentially allowing a hacker to dial in. It shouldn't be a surprise to anyone that electronic communication is less secure than we think, but it looks like even groups who should be invested in privacy may have yet to take that fact to heart.