Hackers could be Secretly Tapping into your Corporate Meetings
- By Sydny Shepard
- Jan 22, 2016
Cybersecurity experts at SEC Consult revealed a secret doorway that’s built into a popular conference calling product built by a company called AMX. AMX makes tablet panels used to control conference calls for businesses, government agencies and universities.
The company hard-coded backdoor access into its system. AMX created a “secret account” with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.
It’s a glaring security hole.
"This is tantamount to handing over an unlocked military/government smartphone or computer system to an enemy," said Phil Hagen, who teaches cybersecurity professionals at the SANS Institute. "It's a huge problem that anyone with the 'secret account' credentials could theoretically access those devices."
SEC Consult researchers discovered the questionable computer code, detailing it in a blog post.
The American tech firm that makes AMX systems, Harman, acknowledged the issue, but called it an intentional feature. The company said it disabled the access point through a software update in December.
Computer security experts believe this seems like a case of sloppy computer programming. The access point was probably build for fixing problems during product development and accidentally left it in.
Sydny Shepard is the Executive Editor of Campus Security & Life Safety.