A local Quebec french language newspaper (Journal De Montréal) has an interesting report about a hacker exploiting a critical flaw in the PLQ (Quebec Liberal Party) video conferencing system allowing him to eavesdrop on private strategy discussions.
Lucky for the PLQ, the hacker is a white-hat (good guy) and informed employees of the flaw. He also proved his exploit by sharing videos taken from the private discussions.
A black-hat could have exploited this information for personal gain or to make a political statement. The flaw he exploited was contained in a software being used and the PLQ had left a factory default password enabled.
The PLQ has since patched the bug and changed the password, but this is a cautionary tale for all home and office users of videoconferencing technologies (remember most laptops have cameras these days).
- Tape over your camera when not in use
- Update your software regularly
- Uninstall software you don't use
- Be vigilant