Closed more vulnerabilities in video conferencing hardware Meeting Owl

Closed more vulnerabilities in video conferencing hardware Meeting Owl

If you conduct video conferences using the Meeting Owl Pro or 3 hardware, you should ensure that the latest firmware is installed. The devices were vulnerable for several weeks. Now all security gaps discovered in June should be closed.

In early June 2022, it was announced that security researchers from Modzero had discovered five vulnerabilities in Owl Labs video conferencing hardware. Since then, several security updates have been released and meanwhile all vulnerabilities from the investigation are said to have been eliminated. The manufacturer assures this in a statement.

By exploiting the vulnerabilities, attackers could have gained full control over devices with a hard-coded password within Bluetooth range (CVE-2022-31462 “critical“). With version 5.4.1.4, the developers only closed one gap in June. Version 5.4.2.3 followed a few weeks later and closed the remaining gaps.

Currently is the Version 5.4.3.4. As can be seen from the changelog, the developers have protected the firmware update against manipulation with encryption. In addition, you can now update the firmware of the video conference hardware offline using a smartphone.

(of)

To home page

Big update of Apple's Streetview service: look around in almost all of Germany Previous post Big update of Apple’s Streetview service: look around in almost all of Germany
c't workshop: Securing services with SELinux Next post c’t workshop: Securing services with SELinux