Of the many cultural buzzwords coined during the COVID-19 pandemic, the term “Zoom bombing” may be the most memorable.
Early in 2020, celebrities like Kristen Bell and Conan O’Brien popularized the practice of surprising online videoconference attendees by joining their meetings unannounced. As charming as that may be, not all Zoom bombings are innocuous. Bad actors use these virtual break-ins to secretly snoop on corporations and organizations. They may also share inappropriate images and videos meant to disrupt the proceedings.
Like other computer and network hackers, Zoom bombers rely on human fallibility and poor judgment to gain access. The most common entrance is right through the front door, either because the host neglected to use safety protocols such as requiring a password, or because they failed to sequester attendees in a queue so they could be verified before being allowed into the meeting. Sophisticated hackers can mimic profiles of actual guests, making it harder for the host to kick them out of the call.
“The best way is to have at least one step of authorization, but two steps can ensure that there isn’t a breach or someone who is not authorized in the meeting,” said Steve Greenblatt, CTS, president and founder of Control Concepts. “A lot of these steps take time and effort, make conferences less convenient, or make more work for people, but they will result in a more secure outcome and allow hosts to avoid those types of embarrassments, as well as potential security breaches.”
Zoom bombing is just the tip of the proverbial iceberg of new network security threats. As workers return to office environments after a year or more of working at home, they may bring devices with them that have not been vetted by IT staff. Tim Albright, chief marketing officer at Conference Technologies Inc. (CTI) and CEO of AVNation, said that the potential for third-party peripherals to compromise an organization’s network is the single biggest security issue integrators are dealing with heading into late 2021 and 2022.
“Up until a year and a half ago, the IT department was also the procurement department for everything that was on the network,” said Albright. “Now, a year and a half later, folks have gotten equipment on their own to make their work-from-home [situations] work. That stuff is going to start finding its way to the office and onto the office network.”
Organizations have ways of locating unapproved peripherals, such as by deploying tools that continually scan the network for known and unknown MAC addresses and can alert IT or the AV integrator when an unauthorized device is connected. But those measures are purely reactive. Greenblatt says proactive maintenance can prevent security threats from infiltrating the network in the first place.
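The kind of scan described above, sketched as an added example that is not from the original article: it compares a neighbor table against an approved-device inventory and reports unknown MAC addresses, marking those that use a locally administered (typically randomized) address. The `ip neigh` sample, the inventory, and all addresses are constructed, using documentation ranges.

```python
import re

# Constructed sample of Linux `ip neigh` output (documentation addresses).
SAMPLE_NEIGH = """\
192.0.2.11 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.12 dev eth0 lladdr 00:00:5e:00:53:02 STALE
192.0.2.40 dev eth0 lladdr a6:5e:60:01:02:03 REACHABLE
192.0.2.41 dev eth0 lladdr 00:00:5e:00:53:aa DELAY
192.0.2.99 dev eth0  FAILED
"""

# Constructed inventory; real inventories mix notations, so both are shown.
APPROVED = {
    "00-00-5E-00-53-01": "conference room codec",
    "0000.5e00.5302": "ceiling microphone DSP",
}

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_locally_administered(mac):
    # Bit 0x02 of the first octet is set on locally administered
    # addresses, which is what randomized "private" MACs use.
    return bool(int(mac[:2], 16) & 0x02)

def find_unapproved(neigh_output, approved):
    """List neighbors whose MAC is not in the approved inventory."""
    allow = {normalize_mac(m) for m in approved}
    findings = []
    for line in neigh_output.splitlines():
        m = re.match(r"(\S+) dev (\S+) lladdr (\S+)", line)
        if not m:
            continue  # FAILED/INCOMPLETE entries carry no MAC
        ip, dev, raw = m.groups()
        mac = normalize_mac(raw)
        if mac is None or mac in allow:
            continue  # not a 48-bit MAC, or an approved device
        findings.append({"ip": ip, "dev": dev, "mac": mac,
                         "randomized": is_locally_administered(mac)})
    return findings

if __name__ == "__main__":
    for f in find_unapproved(SAMPLE_NEIGH, APPROVED):
        print(f)
```

A device flagged as `randomized` cannot be matched to an inventory entry by MAC alone, so it needs a different identification step before it is approved or blocked.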
“Vulnerabilities are happening all the time, and computers these days are getting updates and security patches to address new threats,” he said. “It’s very possible that becomes part of a maintenance agreement. In my business, for example, we have somebody who looks at our website every month to make sure we don’t have vulnerabilities, that we’re updating our software to make sure that somebody can’t come in and hack our website. If we apply that idea to an AV system, you look at the devices or the setup [and determine if] they need to be better secured. What was in place when the system was turned over may not be as effective now because of new vulnerabilities or issues that may have been identified since then.”
In addition to regular audits and multifactor authentication, integrators can set up a VLAN, or virtual local area network, to help protect against security threats. VLANs allow partitioning of a network so that different classes of connected devices can be grouped together. “The challenge with that, though, is that there are still some ports that need to be open” to allow certain local devices to be able to access the internet, Greenblatt said. “There are also AV over IP devices that need to be able to traverse the network to be effective, so while VLAN can be very powerful, there’s always going to be a need to open up access outside of it.”
Simple practices many people ignore, like changing devices’ default usernames and passwords, can also help prevent network hacks. It’s relatively easy for a hacker to match default IDs to Wi-Fi routers and other connected devices, and AV systems are particularly susceptible to distributed denial of service (DDoS) attacks in which vast numbers of devices across many networks are manipulated simultaneously.
These “zombie attacks” can be large in scale, and costly to fix. A well-known example in 2016 took down Netflix and many other networks along the East Coast. In the mix of devices exploited in the attack, Albright noticed something troubling to the AV business: zombie web cameras and network-compromised speakers. “When I saw that, it’s like, yes, the AV industry certainly has an issue with this,” he said. “We have an issue because our devices are getting put on the network more frequently, which means we need to make sure we’re doing the simple things, such as changing the login and password. You’ve got folks who can take control of these because they’re public-facing, on the network, on the internet.”
On the horizon, the increasing numbers of internet-connected smart devices create more network vulnerability. “You’re talking about yet another entry point that could be a vulnerability, and if it happens that an [Amazon] Echo or another type of voice interface is listening, then [hackers] can know what you’re talking about and be able to track what is happening,” added Greenblatt. “As we try to make systems intelligent, we have to be concerned about them having access to information that gives them more power than we know.”
As networks grow more complex and devices more sophisticated, vigilance in the fundamentals of network security will be more important than ever.
“The rule of thumb I think everybody goes with is that you’re only as strong as your weakest link,” concluded Greenblatt. “We do a good job of having technicians [pull wiring], and we have experts who know how to set up products and make sure an image looks good and the room sounds good, but we should also have an IT or cybersecurity specialist who can give our clients confidence because they know they’ve brought somebody in who’s going to protect them.”
Click here to read more stories from the August 2021 issue of SCN.