weather icon Mostly Cloudy

Backdoor in security means hackers could tap into corporate conference calls

NEW YORK — Lots of companies — and even the White House  use a conference calling system that could possibly be tapped by hackers, according to new research.

On Thursday, cybersecurity experts at SEC Consult revealed a secret doorway that’s built into a popular conference calling product built by a company called AMX.

AMX makes tablet panels used to control conference calls for businesses, government agencies and universities.

The company hard-coded backdoor access into its system. AMX created a “secret account” with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.

It’s a glaring security hole.

SEC Consult researchers discovered the questionable computer code, detailing it in a blog post Thursday.

Harman, the American tech firm that makes AMX systems, acknowledged the issue — but called it an intentional feature. The company said it disabled the access point through a software update in December.

But cybersecurity experts say it’s still serious.

“This is tantamount to handing over an unlocked military/government smartphone or computer system to an enemy,” said Phil Hagen, who teaches cybersecurity professionals at the SANS Institute. “It’s a huge problem that anyone with the ‘secret account’ credentials could theoretically access those devices.”

The White House didn’t immediately respond to questions about security concerns.

David Kennedy, CEO of cybersecurity firm TrustedSec, compares the seriousness of this AMX problem to last month’s discovery of a backdoor hack in Juniper Networks computer equipment used by the U.S. government and corporations everywhere.

Some, like WhiteHat Security’s Jeremiah Grossman, went as far as to say that anyone who uses this conference calling system “should be considered compromised.”

An innocent mistake?

Computer security experts told CNNMoney this seems like a case of sloppy computer programming. The access point was probably built for fixing problems during product development and accidentally left in.

In its report, SEC Consult points out that AMX created a secret account with a coded name that translates to “BlackWidow.” The cybersecurity firm notified AMX, which fixed the problem sometime in the next seven months.

But then SEC Consult researchers looked again and discovered that the secret account still existed — only this time it was called “1MB@tMaN.”

The fact that both names are references to comic book superheroes has cybersecurity experts asking whether this backdoor is a deliberate attempt by AMX to create a secret access point.

Actually, BlackWidow was indeed a backdoor.

Harmon company representative Darrin Shewchuk explained that BlackWidow was a “diagnostic and maintenance login for customer support of technical issues.” Though it was never meant to be secret, he said.

Meanwhile, the Batman reference was “an entirely different internal feature” that let internal devices talk to one another. It wasn’t a replacement backdoor.

Shewchuk said the names were just internal company humor.

In the notoriously paranoid computer security field, this existence of a backdoor leaves some wary of the potential for espionage.

“There can be no other explanation for the presence of this other than to provide a secret backdoor into the product,” said Jeremiah Talamantes, president of cybersecurity firm RedTeam Security.

Either way, it’s a deemed a risk.

“It’s a massive problem, even if accidental — unconscionable if deliberate,” Hagen said.

Don't miss the big stories. Like us on Facebook.
Henderson Hospital staff, patients reunited

Henderson Hospital celebrated its first anniversary by inviting all former neonatal intensive care unit (NICU) patients and their families to reunite.

Forage for decor items in nature, garbage bins

Joanna Maclennan’s recently published book, “The Foraged Home,” is filled with photos of how she and others have decorated spaces with found items — from seashells and tree branches to furniture.

Regular-size furniture will oftentimes work in small space

One of the most prevalent size and scale rules you may have heard is the small room, small furniture one. Not true. In reality, regular size or even large pieces will more often make a small space look larger.

Slime mold fungus in lawn causes no harm

Slime mold fungi are particularly disgusting because they are gelatinous and, over time, change color if they’re left undisturbed. Slime molds can lay atop the grass and smother it.

Homeowners replacing worn carpet with tile or luxury vinyl

When it’s time to get rid of the carpet, many homeowners are choosing tile planks or luxury vinyl planks. They want the look of wood without the maintenance.