Good hacker uses vid vulns to spy on Quebec Liberal Party meetings
Researcher reports flaws, proffers screencaps.
Closed-door meetings by Canada's Quebec Liberal Party were exposed to trivial eavesdropping thanks to flaws in its video conferencing software.
The flaws, found and reported by a resident white hat researcher, are being fixed.
The researcher speaking on the condition of anonymity told local tabloid Le Journal de Montreal (French) he accessed the video streams using a vulnerability and the default password which was in use.
They were able to gain on-demand access to two meeting rooms in Quebec and Montreal, and supplied screen captures as evidence of the exploit.
"It was just too easy," the researcher told the paper.
"It is as if they had stuck their PIN on their credit card."
Party communications director Maxime Roy says nothing relating to national security was discussed at the meetings.
"For now, the important thing is to secure and understand what happened," Roy says.
"We are working with our supplier." ®