Hackers could be Secretly Tapping into your Corporate Meetings

Hackers could be Secretly Tapping into your Corporate Meetings

Cybersecurity experts at SEC Consult revealed a secret doorway that’s built into a popular conference calling product built by a company called AMX. AMX makes tablet panels used to control conference calls for businesses, government agencies and universities.

The company hard-coded backdoor access into its system. AMX created a “secret account” with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.

It’s a glaring security hole.

"This is tantamount to handing over an unlocked military/government smartphone or computer system to an enemy," said Phil Hagen, who teaches cybersecurity professionals at the SANS Institute. "It's a huge problem that anyone with the 'secret account' credentials could theoretically access those devices."

SEC Consult researchers discovered the questionable computer code, detailing it in a blog post.

The American tech firm that makes AMX systems, Harman, acknowledged the issue, but called it an intentional feature. The company said it disabled the access point through a software update in December.   

Computer security experts believe this seems like a case of sloppy computer programming. The access point was probably build for fixing problems during product development and accidentally left it in.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.