Apart from having customers, having a reliable means of communications that is available literally 24 X 7 X 365 is an absolute must for businesses and corporations these days. Just like cashflow and coffee, it is another form of lifeblood that drives the engines for all organizations.
There are those that can afford expensive and large-scale communications, while startups like me on a shoestring budget and trying to find the most affordable options that are out there.
In this regard, WebEx, a communications platform that is offered by Cisco Systems, is one of the most widely used forms of “Unified Communications” that is used by small business.
With this, you hold conference like calls using VoIP, share screens, share video in real time, share files as they are needed, etc. But because of this heavy reliance on this tool, it too has become a prime target for the Cyber attacker.
There are three separate components of the WebEx platform that are at risk, and are as follows:
*The WebEx Meetings Server:
This is the multimedia conferencing solution that is hosted on the Private Cloud of a customer, and also manages the WebEx Meetings Suite services and WebEx Meetings Online.
*The Meetings Services:
This is the part which can record meetings. These are stored online or are also available in an Advanced Recording Format (ARF), which can be downloaded after the conference call is over. The meetings can also be recorded directly on a local computer.
*The Network Recording Player:
This can be either installed automatically when the end user accesses and downloads a specific conference call file from the WebEx Meetings Suite site, or even directly from the WebEx site via the customer portal.
So now you may be asking where specifically is the Security vulnerability? Well, if there is any improper validation or authentication of the specific WebEx file, a Cyber attacker can take full advantage of this, and launch a remote attack which can be as devastating as a Ransomware.
But, there is some work that is involved here, it is not just as simple as covertly taking control of a network communications path, as you could with the Remote Desktop Protocol (RDP).
In these cases, the Cyber attacker would have to send the end user an E-Mail with a link to a malicious website, or include an attachment with a malicious .EXE file, and be tricked into opening up one or the other (or even both, if possible).
From this point on, the attack payload can be delivered, and thus, the Cyber attacker can then gain remote access to either the end user’s computer or the WebEx Player.
These are the specific WebEx players that are impacted by this Security vulnerability:
*Player versions WBS32.15.10;
*Meetings Suite (WBS33) – Player versions WBS33.3 and later;
*Meetings Online – Player versions 1.3.37 and later;
*Meetings Server – Player versions 3.0MR2 and later.
My take on all of this?
After I did further research on this, apparently, Cisco has no workaround for this. The end user has to literally uninstall their current version of the WebEx player. But, the good news is that it will be automatically installed again once the end user accesses a conference call (or for that matter, any other recording file) once they access the WebEx Meetings site.
When I first read this, I was thinking to myself: “How in the h3!! can there not be any workaround for this??” But after further thinking about it, it is probably just better for the end user to get a clean start by deleting the old and reigning in with the new.
But, this story today underscores today just how vulnerable these forms of remote communications software packages can be.
We take them for granted, but you never know what is lurking on the other side. Just like when you receive confirm the sender of a suspicious E-Mail, you also need to confirm the sender of a request that you may get on any hosted communications platform, whether it be WebEx, Skype, Go to Meeting, etc.
I primarily use Skype, and I never accept any communications requests from usernames that I do not know of. This includes the times when I am on the freelancing writing sites like Freelancer, Guru, and Upwork.
After I submit a proposal for a writing job, I get requests to communicate first via Skype. I never do this, I ask the person on the other end to call me first.
And, you know what? They never respond back. Just using this simple method will prevent you from being a victim of a Cyber-attack, or even having your computer remotely hijacked, which can be quite easily done with these hosted communications platforms.
We don’t hear too often in the news about these kinds of Security vulnerabilities, but keep in mind, they do exist. Just another thing to add to your list of maintaining what I call good “Cyber Hygiene”.