Embedded Systems on the Net Without Protection; In theThousands
Over the past few years, researchers have repeatedly demonstrated how easily web servers that are embedded in devices such as multi-function printers and VoIP systems can be tracked down over the web; however, thousands of machines remain unprotected.
At the RSA Conference, which is ongoing, Zscaler‘s Michael Sutton has provided further evidence that many embedded web servers (EWS) can be easily accessed by outsiders via the internet. Where multi-function printers or video conferencing systems are concerned, this can cause serious data leaks: the printers store scanned, faxed and printed files on hard disks and then disclose these often sensitive documents. Video conferencing hardware allows outsiders to monitor rooms remotely or listen to meetings that are in progress.
- Mythical Videoconferencing Hackers (community.rapid7.com)
- How to Scan Your Network for Open H.323 Video Conferencing Systems (community.rapid7.com)
- Board Room Spying for Fun and Profit (community.rapid7.com)
This entry was posted on March 1, 2012 by NetSecurityIT. It was filed under Enterprise, General Security, Hacking, Network Management, Network Security, Patching, Security, Security Advisory, Vulnerabilities, Zero-Day and was tagged with AudioVisual, Business, Business Services, Conferencing, Embedded system, michael sutton, multi function printers, Printers, printers store, Skype, Telecommunications, video conferencing hardware, video conferencing systems, Videoconferencing, Voice over Internet Protocol, voip systems, Zscaler.