Videoconferencing equipment has been in the news recently for its potential for use by attackers to snoop on confidential company meetings, view charts mounted on meeting room walls, or listen in on conversations stealthily. While this is not a new vulnerability per se, and videoconferencing equipment has been usable for more than a decade in this way, I thought it would be interesting to build and release an open source tool that could detect whether a given videoconferencing system is vulnerable to these attacks. That tool is now complete and available as auto-detect.py.
In this article, I explain the underlying videoconferencing protocol, how it is vulnerable, and how the tool detects the vulnerability. I also discuss why we decided to release this tool rather than fully enabling it in QualysGuard at this time.
What is Auto-answer?
‘Auto-answer’ is the ability to accept incoming calls or requests automatically without or with very little prompting. ‘Auto-answer’ is enabled by default in most videoconferencing equipment, and can allow an attacker to ‘join’ a videoconference by stealth.
Videoconferencing and H.323
H.323 is a recommendation from the ITU Telecommunication Standardization Sector (ITU-T) that defines the protocols used to provide audio-visual communication sessions on any packet network. Most videoconferencing equipment uses the H.323 protocol stacks, which contain the protocols as shown below:
1 | 2 | Next page >>