Migliaccio & Rathod LLP is currently investigating Owl Labs (“Owl”) for its failure to disclose to purchasers certain vulnerabilities in its Meeting Owl Pro videoconference device that posed risks to networks the device is connected to and the personal information of those who register and administer the device. These risks include, but are not limited to, the following:
- The exposure of names, email addresses, IP addresses, and geographic locations of all Meeting Owl Pro users in an online database that can be accessed by anyone with knowledge of how the system works. This data can be exploited to map network topologies or socially engineer or dox employees.
- The device provides anyone with access to it with the interprocess communication channel, or IPC, it uses to interact with other devices on the network. This information can be exploited by malicious insiders or hackers who exploit some of the vulnerabilities found during the analysis
- Bluetooth functionality designed to extend the range of devices and provide remote control by default uses no passcode, making it possible for a hacker in proximity to control the devices. Even when a passcode is optionally set, the hacker can disable it without first having to supply it.
- An access point mode that creates a new Wi-Fi SSID while using a separate SSID to stay connected to the organization network. By exploiting Wi-Fi or Bluetooth functionalities, an attacker can compromise the Meeting Owl Pro device and then use it as a rogue access point that infiltrates or exfiltrates data or malware into or out of the network.
- Images of captured whiteboard sessions—which are supposed to be available only to meeting participants—could be downloaded by anyone with an understanding of how the system works.
These very serious risks and vulnerabilities, which were discovered in January 2022 by a team of global data security researchers, remain unpatched.
Did you or someone you know purchase a Meeting Owl Pro videoconference device after Owl was informed of the security vulnerabilities in January 2022?
If so, please complete the contact form on this page, send us an email at firstname.lastname@example.org, or give us a call at (202) 470-3520 for a free consultation.
Committed to Consumer Protection
The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including in cases involving data breaches and product defects. More information about our current cases and investigations is available on our blog.