Emphasis on Passwords For Video Conferencing: No More Spying on Meetings.

In recent times, there have been a loophole in this platform as various video conference developers have noticed a bridge in the conference space by uninvited individuals. This must have resulted due to the lack of passwords in accessing meetings. 

However, one of the best collaborative and interactive trade name, Cisco, started preinforming the WebEx clients of various businesses and enterprises of a new video hacking system. This new automated online invasive system is enabled by online hackers to participate in any conference and gather information from the source, most especially, without notifying the other participants. 

The attack is based on an invasive mechanism where the invader can efficiently and without difficulty, pick out the digital identity number of the host provider of the WebEx conference and launch an attack. But the invasion was seen by the team as configuration issue. This invasion was detected by a United States team, Cequence Security brand. Who informed Cisco of the intensive detriments of this attack and how this attack is launched at WebEx APIs and it’s effect of allowing access active meeting numbers.

The consequences of this invasion can result in that most thieves and criminals will be granted to knowledge of companies key information, discerning the current meeting number that is active and if a password is required or not.

However, the Cisco team has offered recommendations to ensure that attackers cannot abuse the problems with the API. The US company that found the vulnerability, Cequence Security, has also said that the issue affects video collaboration vendor Zoom. The Zoom brand caused a stir back in July when it appeared to be ignoring a bug that made Mac users vulnerable to remote attacks. According to Cequence, the “prying eye” vulnerability is an example of a new kind of attack that specifically targets web-conferencing APIs with a bot that cycles through and discovers meeting ID information.

Are Your Conversations Really Private?

Privacy and security is of utmost importance to any business or organisation regardless of its size. Every individual as well as companies whether in the public or private sector requires to have a private interaction.

This is one of the major reasons why video conference providers like Cisco, Zoom and others have provided a quick and efficient process of rectifying this loophole.Thorough research on this attacking sequence have revealed that if Webex users will assign keys and passwords to their meeting page, there will be no attacks. In other words, this attack is made possible because of users lack of passworded meeting pages. Aside from attacking the meetings, the absence of password also exposes these companies to all collaborative landscapes. 

This invasion is API attack could also be as a result of the prevalence of mobile phone devices and creating API enabled application as the main app in businesses. Therefore, in order to create more security measures, users are required to devise a shared responsibility medium to not just provide passwords but to secure conference interactions by performing an extra identification sequence of confirming participants identity.

Protecting Your Conversations

Video conference providers have created complete protection of video conference space by means passcodes. 

Enabling and activating conference meetings password has been of the most efficient tools for curtailing attackers invasion. For instance, conference providers like Cisco has provided a 9 digit key password identity by meeting participants needs to be able to access meeting. This accessible is functional whether from mobile phone or desktop users. Hence, only meetings without passwords can be invaded. However, when unpassworded meetings are attacked, the Invaders will appear as participants and can be removed by host. But a passworded meeting cannot be accessed by invader.

Cisco and zoom both offer to use the different default password generating measures for meetings. Examinations have also proven that numeric or alphanumeric  passworded video conference are liable to attacks. Since users are liable to totally ignore or disable password functions. WebEx teams are thereby advicesd to set a default security enabled features for all users.

According to the company, WebEx and Zoom allow a bot to automatically cycle through all potentially valid meeting IDs via API calls. Once they obtain valid meeting IDs, attackers can try to access meetings in hopes that the user has not set a password, allowing them to spy on individuals and organizations.

Another means of protecting video meeting is via uuthentication. Video conference providers have also implemented an authentication process where WebEx users do not type on the password themselves but is automated by the system. They also provide some host functions such as restricting meetings without due identification of individual participants. 

They also went a notch closer as to enabling host notification when a guest requests to join the conversation.

Published 12/30/19