By Darren Pauli, 19th May 2016 06:27

Hacker finds flaw in teleconference tool used by US Army, NASA and CERN

Like we need another reason to hate videoconferences

Sydney security tester Jamieson O'Reilly has reported a since-patched vulnerability in video platform Vidyo – used by the likes of the US Army, NASA and CERN – that could see videos leaked and systems compromised.

O'Reilly, director of intelligence for consultancy Content Protection, says he picked up the bug during a client test and reported it to the New Jersey video company, which has since issued a patch.

Google searches for particular strings can reveal vulnerable devices connected to the internet.

The company says some 3,000 Fortune 100 SMB customers and 39 of the top 100 healthcare networks in the US use the hardware, together clocking more than 50 million minutes in talk time.

"I ended up finding an arbitrary file disclosure vulnerability," O'Reilly told The Register. "It's more than just [leaked] videos, also Linux filesystem files (/etc/passwd) and other configuration files.

"I've never heard of this software before and thought that the risk exposure was quite low until I looked at the clients. There are a lot of publicly accessible Vidyo endpoints that are probably vulnerable that you can identify using Google."

O'Reilly says version of Vidyo's firmware for its gear has been released to close the hole. ®
