字幕表 動画を再生する 英語字幕をプリント With the pandemic shifting many to remote work globally, employees now spend more than five billion minutes per month in virtual meetings. In response to the rapid shift, IBM's security teams took a closer look at the increased risk of conducting sensitive meetings in virtual settings. Working with its strategic partner, Cisco, IBM tested the security of videoconferencing tools used across the company. What is a ghost you ask? A ghost is a term that we're using for a participant in the meeting that no one else can see. They don't show up in the participant list, and they were never invited to the meeting. So they can hear everyone. They can speak. They can often see shared media and screens. In order to establish a proper connection, an application and a server exchange messages during the initial handshake process. IBM Research found a way to manipulate the information during the initial handshake process to stay invisible on the participants list, thus becoming a ghost. During our investigation, what we focused on was the communication pattern between the application and the server side. We are basically acting as a man-in-the-middle between this communication and monitoring web traffic and what protocol they are using. So this type of analysis can be used for analyzing any other kind of communication pattern. Alternatively, researchers found the attacker can also exploit common confusion. If the meeting participants and hosts aren't paying attention to the number of entry tones signaling a new participant has joined the call, the attacker can easily join in stealth mode unnoticed. Participants may also simply chalk any additional entry tones up to network issues, allowing the ghost to continue undisturbed. In the work from home environment, we're all a little bit more distracted, there are lots of things going on, and you might not notice any of these additional cues. So the more hectic work environment that we have now makes us all much more susceptible to these types of social engineering attacks. Not only could an attacker join meetings undetected or disappear while maintaining audio connectivity, but they can also disregard the host's expel order and continue in stealth mode. The ghost could also exploit this when the host holds several back-to-back meetings in the same meeting room. They may appear to drop from a call but can remain connected for subsequent calls and steal valuable information. This leads to the third vulnerability. A ghost can gain access to information on meeting attendees— including full names, email addresses, IP addresses— straight from the meeting room lobby, without ever being admitted to the call. This valuable information can be used for a wide range of attacks or even just data collecting on valuable attendees in the meeting. So what can Webex users do? So what a Webex user can do is they can assess the confidentiality of the meeting. Can they use a personal meeting room, or should they use a unique ID for each new meeting? There is a password and the meeting ID. So if we use a unique meeting ID and also password protect the meeting, that also prevents the ghost from entering to the lobby. While this vulnerability is now patched, attackers are constantly looking for new ways to exploit flaws in popular applications. So there are always going to be new vulnerabilities. So we try to be very proactive and find them before the adversaries do. We continue to look at our own existing applications and services that we use and do that in such a way that we can protect IBM and our clients.