Cisco said it was not aware of any new software vulnerabilities in its TelePresence products. On the issue of auto-answer, Cisco said "the feature on all Cisco TelePresence products is set by the administrator of the network."
LifeSize, a division of Logitech, said it ships all of its products with auto-answer disabled by default. Secure deployment remains a challenge with video conferencing systems, and the company is committed to simplifying the process, it said.
LifeSize said it offers a client-server NAT (Network Address Translation) traversal product called LifeSize Transit, which helps administrators set up conferencing behind the firewall with encryption. A cheaper option is LifeSize's Connections, which involves downloading a program to a computer. The cloud-based service allows for encrypted calling behind the firewall with a simplified setup process.
LifeSize is also doing more to try to educate its customers. On Tuesday, it launched the LifeSize Enablement Network, which is a series of short video training clips to educate its customers more about it products. That program was in development well before Rapid7's findings were publicized, according to a LifeSize spokeswoman.
But Moore feels overall teleconferencing systems should be made easier to securely deploy since they "are not very well understood by the technical people," he said.
Sign up for CIO Asia eNewsletters.