Due to a vulnerability (CVE-2020-3419), attackers could join Webex meetings without being listed in the participants list. Hidden as a “ghost” from the other participants, attackers could eavesdrop on audio and video content.
This is what Heise writes in his article today.1
But this is only possible (…) if attackers have access to meetings in the form of shared links and a password.
Sounds quite trivial, but it isn’t. The objectives of confidentiality and integrity are lost when others eavesdrop unnoticed during a job interview for instance. Access data can be collected in unencrypted emails. It is not unusual for permanent meeting rooms to keep the same access data over an extended period of time.
Together with other vulnerabilities in Cisco’s server components this results in a desolate picture. Not all products could be fixed so far. The Cisco Security Advisory provides further assistance.2
Anyway, if US providers are used, no legal basis is not applicable.3 In discussions with particularly confidential content or in projects with NDA or confidentiality clauses involving poenals, this is exactly what can become a risk. I would be pleased to show you more examples in a webinar.4 In this blog, I have made various side-blows about Discord5 or digitisation projects in medium-sized businesses in general.6
I’m glad to help, no matter if in the form of a Managed-Server or in form of own servers within a corporate infrastructure.
I also like to refer to my current promotion till the end of the year.7
Just give me a call!
- https://www.heise.de/news/Cisco-Sicherheitsupdates-Webex-Meetings-von-Teilnehmern-unbemerkt-belauschbar-4965190.html [return]
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-auth-token-3vg57A5r [return]
- https://noyb.eu/en/next-steps-eu-companies-faqs [return]
- https://blog.jakobs.systems/micro/20201012-webinar-videokonferenzsysteme/ [return]
- https://blog.jakobs.systems/blog/20200905-privacy-shield-discord/ [return]
- https://blog.jakobs.systems/blog/20201014-homeoffice/ [return]
- https://blog.jakobs.systems/blog/20201103-managed-server/ [return]