By Darren Pauli, 19th May 2016 06:27

Hacker finds flaw in teleconference tool used by US Army, NASA and CERN

Like we need another reason to hate videoconferences

Sydney security tester Jamieson O'Reilly has reported a since-patched vulnerability in video platform Vidyo – used by the likes of the US Army, NASA and CERN – that could see videos leaked and systems compromised.

O'Reilly, director of intelligence for consultancy Content Protection, says he picked up the bug during a client test and reported it to the New Jersey video company, which has since issued a patch.

Google searches for particular strings can reveal vulnerable devices connected to the internet.

The company says some 3,000 Fortune 100 SMB customers and 39 of the top 100 healthcare networks in the US use the hardware, together clocking more than 50 million minutes in talk time.

"I ended up finding an arbitrary file disclosure vulnerability," O'Reilly told The Register. "It's more than just [leaked] videos, also Linux filesystem files (/etc/passwd) and other configuration files.

"I've never heard of this software before and thought that the risk exposure was quite low until I looked at the clients. There are a lot of publicly accessible Vidyo endpoints that are probably vulnerable that you can identify using Google."

O'Reilly says version 3.0.1.20 of Vidyo's firmware for its gear has been released to close the hole. ®
