A seemingly secure video conference can be compromised by a simple, unencrypted wireless microphone, according to a new security analysis released today by the Swiss National Test Institute for Cybersecurity (NTC). The study, which examined 30 devices including keyboards, headsets and conference systems, revealed over 60 security vulnerabilities, with 13 deemed critical and three considered severely dangerous.
The NTC’s findings highlight a “hidden attack surface” often overlooked in cybersecurity protocols, according to Tobias Castagna, head of the institute’s test expert team. “But This proves precisely via these devices that sensitive information is exchanged. Passwords are entered on keyboards, confidential conversations are held with headsets,” he stated.
The analysis detailed a scenario where an attacker, positioned near a critical infrastructure facility, intercepted an unencrypted signal from a wireless table microphone during a confidential video conference. Despite the network being secured and the connection encrypted, the attacker was able to listen to the entire conversation using a simple antenna. This demonstrates the vulnerability of relying solely on network-level security without addressing the security of peripheral devices.
The study, which began a year ago, included products from major manufacturers such as Logitech, Yealink, Jabra, HP, Eizo, and Cherry, commonly found in Swiss workplaces, particularly those considered critical infrastructure. While modern devices, when properly configured and running the latest firmware, generally offer an acceptable level of security, the NTC found that complexity and the use of outdated wireless technologies increase risk.
The identified vulnerabilities have been reported to the manufacturers, with the majority responding swiftly to address the issues, according to the NTC. However, the institute warns that organizations with high security needs – including critical infrastructure operators, politicians, journalists, and legal professionals – should be aware of the risks.
A particular concern raised by the NTC is the multi-device pairing functionality common in wireless headsets. This convenience feature allows a headset to connect to multiple devices simultaneously, but also creates an opportunity for malicious actors. “An attacker, once they have brief access, can add another device and from that moment on listen to all conversations,” Castagna explained.
The NTC recommends that users prioritize wired peripherals for maximum security. For those who rely on wireless devices, regular firmware updates are crucial. The institute’s report underscores the necessitate to extend cybersecurity considerations beyond computers and networks to encompass all connected devices.
