Meeting App Conferences' Prying Eyes Make For Uninvited Visitors
By: Jim Stickley and Tina Davis
January 12, 2020
Just recently, those who use Cisco’s Webex app to host online meetings were alerted that “prying eye” bad actors may also be attending their conferences. The popular meeting host provides options for video conferencing, screen sharing, and webinar capabilities to hundreds of participants at a time. Cisco recently disclosed the nine-digit Webex number used for identification to join meetings, both current and future, can be accessed by uninvited and potentially harmful attackers. Though, Cisco disclosed that its Product Security Response Team is currently unaware of any malicious use by uninvited guests.
And Webex is not alone. Earlier this year, Zoom conferencing app also experienced a security bug exposing Mac users to remote attacks.
According to Cisco, the flaw lies with Webex meetings that don’t use password protection. Attackers can gain the nine-digit ID number and become conference participants. However, there is some good news. They can still be tossed out by the meeting host–but only if they are detected. Depending on the information shared in the meeting, a prying eye could learn any number of topics discussed and the confidential information that goes along with it. Cisco claims password protection can stop a snooper in their tracks by keeping details like meeting titles, schedules, and hosts private. Without that information, the nine-digit access number is useless.
However, Cisco has not released a security patch for the issue, claiming it’s a configuration problem and not a vulnerability issue. They hope Webex users will follow their direction to use password protection for all conferencing.
Cisco states the default setting for Webex makes a password mandatory for setting up a meeting, and those who change the setting risk inviting prying eyes. Webex offers a default option that randomly generates a password for those meetings not using password protection. Users also have the option to create their own password instead of a randomly generated one for those unprotected meetings, meaning it can stop a bad actor from hacking the meeting number online.
Any way you slice it, password protection is a smart meeting maker’s best option for keeping out malicious prying eyes.