
Confidential Conversations: How Secure Is Your Meeting Room?

October 17, 2024 / Jonas Mönnig

Are your confidential meetings as secure as you think? Conference rooms are now filled with cutting-edge media technology, which on the one hand opens up new possibilities for meetings, but on the other hand is a potential attack vector for cybercriminals. Can you ensure that you are not being listened to or monitored through your own microphones and cameras?

Time and again, we find that the security of media and conference technology is ignored. The conference room is often equipped by a specialized service provider, but then it is not managed like the rest of the IT infrastructure, because it is “just media technology.” We want to show you why this is a misconception by highlighting the most common security problems in media technology and the risks they create for you.

First, it is necessary to understand how modern conference technology is typically structured. Instead of signals traveling on fixed cable routes to their destination, microphones, speakers, cameras, and displays are connected to control devices that flexibly distribute signals between devices via the local IP network. So we are dealing with many networked devices, including the typical problems of network security.

This is where the first security issue often appears. By default, the devices’ control interfaces are often completely unauthenticated or protected only by weak default passwords, and these settings are frequently left unchanged during setup. An attacker in the local network can then control microphones and cameras at will and record their content. The confidentiality of the meeting room is therefore effectively lost.

Another weak point is the Dante protocol, the de facto standard for audio transmission in media technology. Until recently, the Dante specification had no encryption at all, so existing infrastructure generally runs without it.

As things currently stand, it is therefore almost inevitable that audio signals cross the network unencrypted. An attacker who can capture network traffic can listen in on meetings, as long as a microphone is already switched on. That is why it is essential to harden the switching infrastructure against so-called man-in-the-middle attacks.

In a man-in-the-middle attack, an attacker can place themselves between two network participants, for example via ARP spoofing, and then intercept and manipulate all network traffic. This is possible when corresponding security features of network switches have not been configured.
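Where the switch features cannot be enabled right away, the ARP spoofing described above can still be spotted from the monitoring side. The following sketch is an added example, not part of the original post: it checks observed ARP replies against known IP-to-MAC bindings of the media devices. The function name, the sample addresses and the trust-on-first-sight fallback are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies seen
# on a hypothetical media VLAN. All addresses are made-up documentation values.
SAMPLE_ARP_REPLIES = [
    (0, "192.0.2.1", "02:00:00:00:00:01"),    # gateway
    (1, "192.0.2.20", "02:00:00:00:00:20"),   # audio controller
    (2, "192.0.2.21", "02:00:00:00:00:21"),   # ceiling microphone
    (30, "192.0.2.1", "02:00:00:00:00:01"),   # normal refresh, no change
    (61, "192.0.2.20", "02:00:00:00:00:66"),  # controller IP answers from a new MAC
    (62, "192.0.2.21", "02:00:00:00:00:66"),  # the same MAC now claims a second IP
    (63, "192.0.2.20", "02:00:00:00:00:20"),  # real owner answers again
]


def find_arp_anomalies(replies, baseline=None, max_ips_per_mac=1):
    """Flag ARP replies that contradict known IP-to-MAC bindings.

    baseline: optional {ip: mac} inventory of the media devices. Without it the
    first binding seen for an IP is trusted, which is an assumption.
    max_ips_per_mac: raise this for routers that legitimately own several IPs.
    Returns a list of (timestamp, kind, ip, mac) tuples.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (baseline or {}).items()}
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        expected = ip_to_mac.setdefault(ip, mac)
        if mac != expected:
            # The IP is suddenly announced by a different hardware address.
            alerts.append((ts, "binding_changed", ip, mac))
        claimed = mac_to_ips[mac]
        if ip not in claimed:
            claimed.add(ip)
            if len(claimed) > max_ips_per_mac:
                # One hardware address answering for several device IPs.
                alerts.append((ts, "mac_claims_multiple_ips", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```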

This brings us directly to the next vulnerability: missing network segmentation. The above attacks would not be possible at all if the attacker could not communicate with the corresponding control devices. A media network separated from the main network, for example via VLANs, is therefore absolutely essential. If media technology is in the same network as the rest of the IT infrastructure, not only is the attack surface for media technology unnecessarily increased, but there is also a risk that attackers will use it as a starting point for attacks on production systems such as Active Directory.

Another common issue is that security updates are not installed. For example, ClickShare, the market-leading platform for wireless conferences and presentations, was affected by several critical vulnerabilities a few years ago that not only allowed attackers to intercept presentations from the local network, but also to distribute malware to all devices connected via a ClickShare dongle. Media technology can absolutely be affected by critical vulnerabilities, making a patch management process mandatory. In many companies, this is already a major challenge for normal IT infrastructure; for media technology it is then often completely neglected.

A final security risk companies should be aware of is the cloud connectivity of many control devices, which enables remote maintenance. Securing these access points is therefore essential. First, strong passwords must be used and must never be reused for other access points. Second, two-factor authentication is mandatory when you consider how critical this interface is.

We hope we were able to dispel the misconception that IT security is less important for media and conference technology, and show you risks you may be exposed to. If you want to know the current security status of your media technology, we will be happy to advise you.