Huge Security Flaws in Meeting Owls

Meeting Owl Pro and Whiteboard Owl were embraced for their innovative 360-degree video conferencing abilities, helping businesses to continue normal activities while remote working was in place. However, huge security vulnerabilities with Owl devices have been identified by security consultancy company Modzero that should not be ignored.

Personally Identifiable Information (PII) of all Meeting Owl Pro users is collected in an online database, that can be accessed easily by hackers. PII includes the names, email addresses and geographical locations of users, which can be used in targeted phishing attacks to trick individuals into giving the hackers what they want. No password is needed to access the information on this server, just a valid Meeting Owl serial number, meaning anyone who attempts this hack could potentially affect all Owl device users.

The Owl devices themselves also operate as an access point for hackers to get into your network, so all of your information is available for them to steal and use, or hold for ransom. The Bluetooth connectivity of the Owl devices does not require a passcode as a standard, and even when a passcode is implemented by a user, it can be easily disable by hackers due to another security flaw. Hackers can change the Wi-Fi connectivity options while connected via Bluetooth, so disabling these functions to try and negate the threat will not work, as the hackers can just re-enable these functionalities, and continue to take your data or implement malicious code on your network.

Whiteboard Owl devices have a whiteboard capture feature that is supposed to only be available to meeting participants, however this data can actually be downloaded by anyone able to access the system. Data discussed in meetings that could be considered trade secrets could now potentially be accessed by anyone, which caused Owl Labs to suspend this feature in March until a fix can be made available.

Owl Labs have released a security update this week, all users should immediately ensure their software is up to date and operating on Version 5.4.1.4. This update stops hackers from being able to connect to the rest of your network devices that are on the same Wi-Fi as the Owl device, and is therefore important protection for your data and business operations. If your network is compromised, you can not only suffer data losses, but also a loss of confidence from clients and business partners, as they no longer have trust in your company to keep their information confidential.

Need Help Securing your business?

We manage cyber security for our clients, keeping their business secure and their data safe.

Arrange a free discovery session to find out how we can help you