Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
posted by janrinok on Monday June 06 2022, @08:42AM   Printer-friendly
from the of-course-it-is-it-is-the-government,-after-all dept.

Meeting Owl videoconference device used by govs is a security disaster:

The Meeting Owl Pro is a videoconference device with an array of cameras and microphones that captures 360-degree video and audio and automatically focuses on whoever is speaking to make meetings more dynamic and inclusive. The consoles, which are slightly taller than an Amazon Alexa and bear the likeness of a tree owl, are widely used by state and local governments, colleges, and law firms.

A recently published security analysis has concluded the devices pose an unacceptable risk to the networks they connect to and the personal information of those who register and administer them. The litany of weaknesses includes:

  • The exposure of names, email addresses, IP addresses, and geographic locations of all Meeting Owl Pro users in an online database that can be accessed by anyone with knowledge of how the system works. This data can be exploited to map network topologies or socially engineer or dox employees.
  • The device provides anyone with access to it with the interprocess communication channel, or IPC, it uses to interact with other devices on the network. This information can be exploited by malicious insiders or hackers who exploit some of the vulnerabilities found during the analysis
  • Bluetooth functionality designed to extend the range of devices and provide remote control by default uses no passcode, making it possible for a hacker in proximity to control the devices. Even when a passcode is optionally set, the hacker can disable it without first having to supply it.
  • An access point mode that creates a new Wi-Fi SSID while using a separate SSID to stay connected to the organization network. By exploiting Wi-Fi or Bluetooth functionalities, an attacker can compromise the Meeting Owl Pro device and then use it as a rogue access point that infiltrates or exfiltrates data or malware into or out of the network.
  • Images of captured whiteboard sessions—which are supposed to be available only to meeting participants—could be downloaded by anyone with an understanding of how the system works.

[...] Researchers from modzero, a Switzerland- and Germany-based security consultancy that performs penetration testing, reverse engineering, source-code analysis, and risk assessment for its clients, discovered the threats while conducting an analysis of videoconferencing solutions on behalf of an unnamed customer. The firm first contacted Meeting Owl-maker Owl Labs of Somerville, Massachusetts, in mid-January to privately report their findings. As of the time this post went live on Ars, none of the most glaring vulnerabilities had been fixed, leaving thousands of customer networks at risk.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Troll) by Runaway1956 on Monday June 06 2022, @11:14AM (3 children)

    by Runaway1956 (2926) Subscriber Badge on Monday June 06 2022, @11:14AM (#1250889) Journal

    There are laws against spying on government, right? So, it's perfectly safe.

    --
    “I have become friends with many school shooters” - Tampon Tim Walz
    Starting Score:    1  point
    Moderation   -1  
       Troll=1, Total=1
    Extra 'Troll' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   1  
  • (Score: 0) by Anonymous Coward on Monday June 06 2022, @03:22PM (2 children)

    by Anonymous Coward on Monday June 06 2022, @03:22PM (#1250985)

    Like guns?

    • (Score: 0, Troll) by Runaway1956 on Monday June 06 2022, @03:31PM (1 child)

      by Runaway1956 (2926) Subscriber Badge on Monday June 06 2022, @03:31PM (#1250988) Journal

      Actually, yes, like guns. There are laws that prevent guns being used illegally. Therefore, there can be no gun problem. Laws control problems.

      --
      “I have become friends with many school shooters” - Tampon Tim Walz
      • (Score: -1, Troll) by Anonymous Coward on Monday June 06 2022, @05:57PM

        by Anonymous Coward on Monday June 06 2022, @05:57PM (#1251049)

        Cool, let's scrap all laws and see how you like that.

        Libertarians are like house cats: convinced of their fierce independence while utterly dependent on a system they don't appreciate nor understand.