Conferences have been done in an official setting where a group is facing each other and discusses the agenda for the growth of the company. Then came covid, and the face to face meeting became online ones with help of different conference call apps such as Zoom and Microsoft Teams.
Due to the reliance on technology and lack of technical skills possessed by majority of the population, cyber crimes increased 75% during the pandemic. Hacking conference calls wasn’t a big deal either due to the incompetence on the part of the app developers and users.
Well, even the FBI and Scotland Yard wasn’t safe from the Anonymous hackers who breached their conference call and leaked it. The irony being the topic of discussion between the two parties was steps to be taken to reduce cybercrime. The group of hackers even broadcasted a 16 minute clip of the recording to prove their claim. Well, this happened years ago and alongwith the advances in technology and security, hackers have also bettered their ways of hacking.
Conference Call Softwares Which Can Be Hacked
Natalie Silvanovich, a Google Project Zero researcher, disclosed in August 2018 that she had discovered critical vulnerabilities in the most common video conferencing architecture, including WebRTC (used by Chrome, Safari, Firefox, Facebook Messenger, Signal, and others), PJSIP (used by WhatsApp), and Apple’s proprietary FaceTime library. If abused, such flaws would have allowed attackers to crash apps employing the implementation simply by making a video call. This would have caused a memory heap overflow, allowing the attacker to take control of the victim’s video calling account.
Hacking A WebRTC is easier than imagined. Here, To simplify the protocol, the consumer would begin contact via a signaling server and then communicate directly via the PeerConnection API. In an attack scenario, the invader creates a client by exploiting the discovered vulnerabilities, then utilizes the existing signaling server to establish communication and carry out the assault. A more complicated, but still viable, alternative is for the attacker to additionally seize control of the signaling server. In that situation, the attacker attempts to persuade the target to connect to a signaling server controlled by them (for example, by using the browser and convincing the target to click a link). The attacker then utilizes this to exploit the discovered vulnerabilities.
Some other methods of hacking a conference call or general call is through VoIP hacking and
VoIP hacking is a form of assault in which a person infiltrates your company’s phone system. They can listen in on phone calls, rack up large costs, and steal vital information about your company and its customers. Hacks often occur when one of the employees inadvertently provides information to a fraudster.
Hackers impersonate personnel working in customer service and the Network Operations Center (NOC). Employees may unwittingly provide illegal access to the hacker, allowing them to take control of your VoIP phone system. Access to your company’s phone system might be used to launch additional assaults. A VoIP hacker, for example, may use the information to charge your credit card, impersonate your company, and access sensitive client information.
Through this method, hackers can even drop in and listen to the calls that the company’s employees make or the conferences that are held.
Bugs in Software
Multiple softwares can be used for keeping a conference call. During the pandemic several new softwares were developed and launched. The urgency to do so led to the lack of pentesting in some of the famous softwares, giving hackers the chance to hack into the server and evidently the call they wish to listen to.
When software is released, it becomes susceptible. For starters, it frequently contains undiscovered bugs. The more complicated it is, the more bugs it may have. An intruder can hack a system if he discovers a bug before it is rectified or patched. Unchecked buffer size, for example, is a problem that might lead to buffer overflow attacks. Second, when designing software, engineers normally create some code for debugging. These debugging codes often grant the programmer extensive authority. If these codes are not deleted from the published version, the intruder can use them to launch an assault.
Now you know that even a call isn’t safe to be made. There are various ways of securing yourself from the increasing cybercrime, the first is to keep your software updated. Generally, software launches updates regularly which have security patches to fix the problem of bugs and loopholes. Another is to make sure that you are making the call on a private network and not a public one. This helps in limiting the access of hackers to your network.