Lousy Security from Phone Conferencing Companies

The other day I was assisting a group that needed to attend one of these “webinars” where we’re projecting a laptop onto a screen while we’re listening to a speaker over a POTS line. As the e-mail from the company sponsoring the webinar suggested, I dialed in about 20 minutes before the conference started to test, etc.

Except I wasn’t dumped into the conference I was supposed to be in. Instead I was now participating in some sort of briefing between salesman at a company that provides services to a number of large insurance companies. The salesmen could not hear me and were apparently completely unaware of my presence as they discussed the best approach to take with a particular client, and one chimed in with a list of things not to sayƂ during another.

Finally at the appointed time my call was supposed to start, the salespeople all hung up and the person from the company I was conferencing with was added to the call.

Now typically the security for these calls is you have to call a phone number and then enter an arbitrary number that corresponds to your particular call. So there are likely two possibilities for the mishap.

First, the people at the conference company could be complete morons and use a single ID # for a single conference slot and then give that conference ID out to different people, assuming they won’t call in outside their normally scheduled time.

Another possibility is that the algorithm the company is using to generate conference ID # is flawed and doesn’t generate truly unique IDs. One of the things I noticed is that with most audio conference companies I use, I typically get a 9-12 digit code for the conference, whereas these folks only used a 6 digit code which struck me as kind of odd.

Regardless if it was something like this or something completely different, this sort of thing is completely unacceptable and should never happen. I had never used this particular company before and certainly will warn other people in my organization about them.

Given how important security is in third party hosted audio/video conferencing, its surprising how cavalier some companies are about security.

Post Revisions:

There are no revisions for this post.

Leave a Reply