Owl Labs has secured its devices against possible attacks with additional security updates.
If you conduct video conferences using the Meeting Owl Pro or 3 hardware, you should ensure that the latest firmware is installed. The devices were vulnerable for several weeks. Now all security gaps discovered in June should be closed.
In early June 2022, it was announced that security researchers from Modzero had discovered five vulnerabilities in Owl Labs video conferencing hardware. Since then, several security updates have been released and meanwhile all vulnerabilities from the investigation are said to have been eliminated. The manufacturer assures this in a statement.
Hostile takeover possible
By exploiting the vulnerabilities, attackers could have gained full control over devices with a hard-coded password within Bluetooth range (CVE-2022-31462 “critical“). With version 5.4.1.4, the developers only closed one gap in June. Version 5.4.2.3 followed a few weeks later and closed the remaining gaps.
Currently is the Release 5.4.3.4. As can be seen from the changelog, the developers have protected the firmware update against manipulation with encryption. In addition, you can now update the firmware of the video conference hardware offline using a smartphone.
