October 23, 2012

Videoconferencing Security

Videoconferencing_Security_Main_Article.jpgSecurity is a primary concern for any aspect of a modern IP-based data or communications network. After all, computer networks are generally connected in one way or another to the public Internet, which has no shortage of unsavory characters. We usually think of Internet security in terms of preventing unauthorized access to internal computers and files, but the basic principles of security can also be used to secure videoconferencing endpoints and infrastructure from unwelcome access. In fact, some argue that videoconferencing security is especially critical due to the power of video. It's not hard to imagine the impact of a sensitive video meeting leaking out into the wild and appearing on YouTube or in a court of law.

The importance of video security and the vulnerability of conferencing services has also been highlighted in a recent New York Times story on security firm Rapid7's "war dialing" videoconferencing end-points with auto-answer left on. In another recent high-profile example of a conferencing security breach, affiliates of the Internet hacker group Anonymous released an illicitly recorded audio call between the FBI and Scotland Yard. What made the call particularly embarrassing was that it concerned international investigations of Anonymous itself. The call was recorded by a 19-year-old Irish student named Donncha O'Cearrbhail (a.k.a. palladium), who was associated Anonymous and related hacker groups LulzSec and AntiSec. O'Cearrbhail hacked an Irish police officer's Gmail account to obtain the dial-in number and passcode for the conference call.

A series of human errors, rather than a failure in the conferencing technology itself, caused this breach. The call signal wasn't tapped, decoded or hacked. O'Cearrbhail simply called into the meeting as if he was an invited guest and stayed mute while he recorded the call. The first error was made by the police officer who emailed the dial-in information from his secure police e-mail to his personal Gmail account, which defeated the purpose of having a secure email address in the first place. It is unclear how the Gmail account was compromised; it could have simply been a weak password. The second human error was the failure to monitor the conference. Most audio conferencing services have a web UI that allows a call host to see a list of conference attendees. Checking this list would have revealed an extra person on the call. Pulling off this exploit in a video meeting would generally have been more difficult, since many multipoint video meetings use a layout that displays all call participants on the screen. Even if a hacker muted his video, the other parties on the call would see some indication (a blacked out frame, etc.) of another party in the call.

Stories like these have raised valid concerns about conferencing security in the minds of our readers, the perfect opportunity to for a primer in videoconferencing security.

Videoconferencing's Inherent Security 

In order to understand possible vulnerabilities, it helps to first understand the existing layers of security in today's videoconferencing technology. Videoconferencing solutions typically use the 128-bit AES encryption security protocol to secure videoconferencing traffic as it traverses the public Internet. It's advisable to use AES encryption even when calling within a private network to secure the video traffic even if the network itself is compromised. In the simplest of terms, the videoconferencing system applies the AES algorithm to its outgoing data signal (AES works with H.323, SIP and ISDN), transforming it into ciphertext that can safely traverse the Internet to the other system in the call. Then it can be decoded back into usable video and audio. The encryption process itself is a four-round scrambling operation that efficiently creates a completely scrambled signal without adding significant latency.

While leading cryptographers have designed theoretical "cracks" of AES , even the most advanced crack publicly known (published in 2011 by Andrey Bogdanov, Dmitry Khovratovich and Christian Rechberger) would take a billion computers over a billion years to process. There is no practical method for a typical hacker to break AES security, tap into your videoconferencing traffic as it traverses the public Internet and decode the signal into watchable video.

Videoconferencing's Security Vulnerabilities 

A video meeting suffers from the same basic vulnerability as physical meetings: uninvited eyes and ears. A spy could potentially sneak into a video meeting through the bridge connecting participants and virtually "hide" (mute his video and audio) just as he could sneak into an actual meeting room and hide under a table. Videoconferencing security is basically the virtual equivalent of making sure there are no spies under the table, behind the curtains, in the air vents, or sitting at the table disguised as your CEO.

The Information Office of the U.S. Dept of Interior describes the general problem of IT security as follows:

"People using computers and the professionals maintaining networks and systems are the source of the problem, which means that training all employees is an essential step in managing an IT security program. Users who are not trained to detect phishing and pharming attacks or spyware can open dangerous backdoors to hackers."


Here are examples of general security vulnerabilities for videoconferencing-enabled environments.

Social Engineering This is a security breach obtained by manipulating people rather than computers. The victim of a social engineering hack voluntarily gives up the secure information as a result of fraud. A typical social engineering tactic is the e-mail phishing scam. A scammer could send an e-mail that appears to come from a company's managed service provider, asking to verify information regarding video system IP addresses or user account information. A customer could innocently reply to this e-mail and potentially give some level of access to an outsider. Anyone with access to secure videoconferencing environments should be on the lookout for this type of scam.

Corporate Espionage It should be fair to assume that any organization with security concerns already has a corporate espionage program in place. However, this program may need to be updated to account for any possible videoconferencing-specific vulnerabilities. Access to recorded video meetings should be subject to the same stringent security checks as those to restricted physical documents and files. It might even be appropriate to limit remote access for video equipment to people with physical access to those rooms. If a security breach occurs, consider the conferencing implications. For example, if a board member loses his iPad, all of his conferencing-related accounts should be disabled to prevent an imposter from calling his contacts.

Vendor Vulnerabilities Videoconferencing vendors can install "back doors" in their systems to spy on clients for their own enrichment or on the orders of their sovereign governments in the name of national security. In a 2006 issue of MIT's Technology Review, Google Director of Research Peter Norvig discussed a Google program that uses the embedded microphone in personal computers to hear sounds in a room. He said the program would help the company tailor ads-- if Google hears a dog barking, it might display an ad for dog food. Regardless of the stated goals, the program highlights the potential for vendors to abuse their access to trusted microphones and video cameras.

Sovereign Government Spying Recent stories of network carriers turning over Internet traffic to the government have left some people concerned about the security of any devices connected to networks. The issue was brought to the forefront in 2006 when AT&T technician Mark Klein revealed to the Electronic Frontier Foundation and Wired magazine that the company was splitting off their core backbone fiber optic cables to a secret room in their San Francisco data center (Room 641A/ Study Group 3 Secure Room) where the National Security Agency took the feed and illegally and unconstitutionally wiretapped all telecommunications flowing across the wire.

This isn't simply the stuff of conspiracy theories. Wired titled a recent interview of CIA Director David Petraeus, "CIA Chief: We'll Spy on You Through Your Dishwasher." As Wired explains:

All those new online devices are a treasure trove of data if you're a "person of interest" to the spy community. Once upon a time, spies had to place a bug in your chandelier to hear your conversation.



With the rise of the "smart home," you'd be sending tagged, geolocated data that a spy agency can intercept in real time when you use the lighting app on your phone to adjust your living room's ambiance.

If the CIA is listening to my lighting app and dishwasher, who's to say it isn't looking through my webcam? The bottom line is there really isn't anything a typical IT person can do to take on the CIA. However, we can be aware of the fact that today's technology has significantly changed our understanding of business security and act accordingly. Even if Big Brother can hack into your video camera, he can't see through a lens cap.

Future Security Threats 

While most IP video security specialists are focused on the threats of today, the speed of computer processing, the rise of artificial intelligence, the capabilities of machine vision, and the desirability of anonymity are leading to potential issues just now coming into focus.

Verifiable Identity and Computer Generated Avatars In a world of artificial intelligence, photorealistic computergenerated graphics and super computing, how do you know if you're actually talking to the real person whose visage appears on the screen in front of you? What if the image on the screen was computer generated? In artificial intelligence, Turing Test refers to a set of questions that allow a person to determine whether he or she is talking to another person or a computer. As of this writing, no computer has been able to successfully fool a sophisticated human interrogator. Futurist Ray Kurzweil estimates that an artificially intelligent computer will be able to pass a Turing test by 2029. However, you don't need a completely cognizant computer to recreate passable counterfeits. For almost a decade, Hollywood has been using a combination of motion capture and computer-generated graphics to create virtual visages that mimic the nuances of facial features and human communications. What's to keep a determined party from developing a system that creates a map of a person's face, digitizes it and then layers that facial map over another person's face in real time, creating a photorealistic virtual puppet mask for video calls? You eliminate the need for an artificially intelligent computer by substituting the super computer of the virtual puppeteer's human brain, able to answer questions in real time. The ability for computers to mimic voices has been around for over a decade as well--AT&T Laboratories has been convincingly mimicking particular voices by reconstructing their individual nuances and intonations from pre-recordings since at least 2001, even spinning off a company called Natural Voices to commercialize the technology.

Deception Detection Computer Vision is the science of computers understanding and processing video. This technology has existed for quite some time, used in such common applications as inspecting auto parts on a production line. Today's computer vision could be used in a videoconferencing setting to detect the cues of deception. When lying, some people blink, but most look "up and to the left" when visually constructing information instead of "up and to the right" when visually remembering information. Many people also express "micro-expressions" that betray inner thoughts. Is it any wonder why so many professional poker players wear sunglasses during games? What if you could program a computer to watch a video call with you and display a visual warning on the screen anytime a remote participant exhibited deception? Imagine the advantage this would provide in business negotiations. ("Is this the absolute best price that you can provide?") or in job interviews ("Do you have any other offers on the table?") Of course, this technology has a tremendous potential for abuse as well.

Anonymity This attribute could be considered a benefit as much as a potential threat. Public Key Cryptography allows a message to be encrypted using a dual-key system that includes a public key published to the world and a private key known only to the user. The longer the length of each key, the harder the message is to crack. Many governments around the world classify long encryption key systems as munitions, making them illegal for export. In onion routing, a technique for anonymous communication over networks, message traffic is repeatedly encrypted and then sent through multiple network nodes, the onion routers. Like someone unpeeling an onion, each onion router removes a layer of encryption to uncover routing instructions and sends the message to the next router to repeat the process. These steps prevent these intermediary nodes from learning the origin, destination and content of the message. Put the two technologies together with the identity-spoofing techniques we've already covered and you have the ability to communicate anonymously. Anonymous users can escape taxation, work on human rights issues in authoritarian countries, and on and on.

These are but a few of the potential issues that the video security specialist of the future will need to address, a future so bright you have to wear photorealistic virtual puppet shades.

Conclusion 

The public Internet can be a rough neighborhood, and security-minded IT professionals have long demanded that all IP devices live inside the firewall. Since a videoconferencing endpoint is just another IP device, if you choose to deploy it outside of the firewall it will be open to accepting calls, and some of them may not be from friendly callers. TPO

Securing Your Video Environment

This January the Wall Street Journal published a detailed story of security firm Rapid 7's successful penetration of multiple videoconferencing systems including high-profile boardrooms. Telepresence Options did the most sophisticated and comprehensive analysis of the exploit, which resulted in a detailed response from Rapid7 Chief Security Officer HD Moore. Here are David's suggestions on hardening your boardroom.

While professional security assessments are available for truly sensitive environments, the rest of us can get by with a few basic security measures. Whether you are an end-user or a managed service provider, here are a few simple tasks to beef up VC security.

Firewalls Like any IP device, videoconferencing systems should be behind a firewall. While that can make outside calling trickier, it is manageable. If you have an extremely small deployment (one system) and insist on staying outside the firewall, just be aware that your system can be called by anyone on the Internet.

Meet-Me Rooms A videoconferencing network can be configured to direct all incoming calls to a meet-me room in a video bridge, which is configured to use continuous presence layouts (all participants shown on the screen). Rather than dialing into a physical boardroom, the hackers would dial into a videoconference, where their presence would be very apparent.

Auto Answer This feature is a point of contentious debate within the industry, some people arguing that systems should not be sold with it enabled by default. Users and admins should be aware of the implications of this feature and make sure that it isn't used in a way that may compromise security.

Camera Presets and Far End Camera ControlCameras can be set to focus on a painting or even an empty wall when calls are initiated. This ensures that innocent, or not so innocent "wrong numbers" will not see anything potentially compromising. Far-end camera control should be disabled to these wrong numbers from peeking around at your meeting room.

Physical Lens Covers Many videoconferencing systems come with some sort of lens cap. Pop it on when the system isn't in use.

Microphone Mute Unfortunately, the industry has not standardized microphone mute indicators. Educate your users and enforce a policy of leaving mics in a muted stated when not in use. Admins should consider configuring endpoints to answer with audio muted.

Directory Protection Do not publish your directories. If you do publish any numbers (for example, to take part in a B2B exchange) be aware of how they are being distributed and who can access them. If possible, publish your meet-me bridge number rather than the direct numbers to your endpoints.

Passwords VC systems can be password protected, preventing non-authorized users from browsing your directories or causing other mischief.

Vulnerability Assessment If you are really security minded, you should undergo a professional vulnerability assessment every 90 days.

Non Use While researching this story, Human Productivity Lab President and Telepresence Options publisher Howard Lichtman related that one of Human Productivity Lab's consulting clients, a Fortune 100 energy company, has a policy about what types of issues can be discussed over telepresence and videoconferencing systems. The company ranks the sensitivity of various topics and refuses to allow the most sensitive issues to be discussed over video or telephony. 

About the Authors

Howard_headshot.jpg
Howard Lichtman is the President of the Human Productivity Lab, a telepresence consultancy and research firm that helps organizations design telepresence and visual collaboration strategies and deploy and future-proof investments.  He is also the publisher of Telepresence Options, the #1 website on the Internet covering telepresence and visual collaboration technologies and the Editor of the monthly Telepresence Options Telegraph and the bi-annual Telepresence Options Magazine, the world's most widely read publication covering telepresence technologies.

Mr. Lichtman is also the author and/or co-author of The Telepresence Options 2011 Yearbook, The Inter-Company Telepresence and Videoconferencing Handbook (2009), The Telepresence and Videoconferencing Exchange Review (2010),Telepresence, Effective Visual Collaboration and the Future of Global Business at the Speed of Light (2006), and Emerging Technologies for Teleconferencing and Telepresence (2005).  He is currently working on Telepresence Options 2012.

Mr. Lichtman is a frequent commentator on telepresence, videoconferencing, and effective visual collaboration and his writings on and analysis of the industry have been featured by US News and World Report, Telephony Magazine, CXO Magazine, The Chicago Tribune, Reuters, Pro AV Magazine, Killer App Magazine, ABA Banking Journal, Bank Systems and Technology Magazine and CFO magazine among others.


David_Maldow_with_text.jpg
David Maldow is a visual collaboration technologist and analyst with the Human Productivity Lab and an associate editor atTelepresence Options. David has extensive expertise in testing, evaluating, and explaining telepresence and other visual collaboration technologies. David is focused on providing third-party independent testing of telepresence and visual collaboration endpoints and infrastructure and helps end users better secure their telepresence, videoconferencing, and visual collaboration environments. You can follow David on Twitter and Google+.



This article is brought to you in part due to the generous support of:



Search Webtorials

Get E-News and Notices via Email


  

 



  

I accept Webtorials' Terms and Conditions.

Trending Discussions

See more discussions...

Featured Sponsor Microsites






















Archives

Notices

Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Continuing past this point indicates your acceptance of our terms of use as specified at Terms of Use.

Webtorial® is a registered servicemark of Distributed Networking Associates. The Webtorial logo is a servicemark of Distributed Networking Associates. Copyright 1999-2018, Distributed Networking Associates, Inc.