Owl Labs, a video conferencing company, has announced severe vulnerabilities in its devices, including the Whiteboard Owl and Meeting Owl Pro. These two products allow people to set up important meetings wherever their team is. Users can share documents, e-mails, chats and even real-time polls. They can also record sessions.
The company claims that more than 100 people worldwide use the software. While this may be true, many of those people use the free version of the product without the security patch.
Recently, Modzero, a Swiss- and German-based security firm that conducts penetration tests and assesses risks for companies and government agencies, discovered vulnerabilities in the Owl equipment. They found that the flaws could allow hackers to access a user's account and steal sensitive data.
The research team discovered weaknesses when analyzing video conferencing solutions for a client. While working through a list of vendors, they noticed many products with similar functionality that looked like they might be weak.
As a result, the company decided to mount a 360° lens on its tool, the Meeting Owl Pro, to visit the conference area to get a clearer view of the situation. Google supports various conference solution devices like Meet, Zoom and Skype.
According to the research, the Meeting Owl Pro had five vulnerabilities:
CVE-2022-31459, CVE-2022-31460, CVE-2022-31461, CVE-2022-31463 and CVE-31422. The CVSS scores listed for them are 9.3, 7.4 and 8.2.
Researchers believe the above are related to hardcoded commands. This means that passcodes help create a unique Wi-Fi hotspot for the Meeting Owl Pro. This affects all other web apps that handle Meeting Owl devices.
Modzero believes that if the device is in AP mode, all traffic is directed towards the network rather than towards the Owl. This happens because the device is connected to Wi-Fi. Thus, the problem persists, and the vulnerability may be exploitable without validation.
On Monday, Owl Labs announced a patch for CVE-2022-31460. Using Bluetooth, attackers can exploit this bug to manipulate the device and turn it into a rogue access point into the owner's network.
On the same day, the company announced software version 5.4.1.4. The release applies to two devices, the Whiteboard Owl and Meeting Owl Pro, and mitigates the network traffic vulnerabilities involving the Wi-Fi AP's tethering mode. This restricts the use of these devices as wireless access points.
According to the company, future updates will resolve the pending issues. The 5.4.1.4 update will protect all devices from potential attack attempts. Further, software version 5.4.1.4 will block unwanted network access arising from the above flaws.
The agency said that since the PIN issue was risk-free, anyone could access the meeting settings. 360 Presenters only need to be within Bluetooth range to use advanced settings. The device's internal switchboard comes in contact with pending issues. With the help of a companion app, an attacker can gain access to unauthorized Bluetooth-enabled capabilities and disable the code without validation.
The critical vulnerability, CVE-2022-31462, is the existence of a static secret passcode computed from data visible within Bluetooth Low Energy range. Studies show that the hardcoded passcode is the SHA-1 of the device's serial, which appears in the Owl's name over Bluetooth.
The US cybersecurity agency (CISA) has asked Owl device users to upgrade to version 5.4.1.4 of the software. CISA said that Owl Labs has issued a security update to fix the vulnerability (CVE-2022-31460) and stop attackers from accessing devices and stealing sensitive information.
While many people use Owl Labs software, the vulnerabilities pose a significant combined risk that outweighs any gain. But despite all the shortcomings, many state government organizations continue to use the video conferencing equipment. Researchers have advised people to disconnect their Bluetooth devices to reduce the risk of exposure when using the software.