Lifesize Statement Regarding February 7 Trustwave Report

Austin, Texas — Feb 7, 2019

 

On February 7, Trustwave published a report concerning an exploit method discovered by researchers impacting four legacy Lifesize products:

  • Lifesize Teams and Lifesize Rooms, part of the previously retired Lifesize 200 and Lifesize 220 family of products,
  • Lifesize Networker, a previously retired gateway for integration between IP and ISDNs, and  
  • Lifesize Passport, a previously retired USB-based camera system series.

After first learning of this flaw, Lifesize engineering conducted an investigation which confirmed the vulnerability in cases when one of the above products was either deployed outside the firewall on a public IP address, or the attack originated from within the organization by an individual with administrator access to the systems, which is uncommon unless the systems were never configured or still used default login credentials.

Series 200 systems and Lifesize Passport systems have not been sold for more than five years and have been officially end of life since January 2017. Lifesize Networker has not been sold since January 2016, with end of life announced for March 31, 2019. Series 220 systems have not been sold since August 2017. As with all Lifesize products, we remain committed to supporting customers using legacy systems through the end of their product lifecycle.

We have addressed the vulnerability and will be issuing a patch to all Lifesize Cloud customers currently using any of the impacted systems. Additionally, Lifesize customers with 220 Series systems not connected to the Lifesize cloud service can request a hotfix by contacting Lifesize support by telephone, email or by opening a support ticket. For more information, visit: https://www.lifesize.com/en/support/contact-support 

Security is of the utmost importance to Lifesize. All products are scanned and go through rigorous security testing using automated and manual processes, including external reviews. In rare instances when security flaws are found in our current lineup of products, they are addressed and patched within a matter of weeks, if not days.

We regret the inconvenience to our customers and are committed to improving our internal processes by which we escalate reported vulnerabilities so that we can address known issues faster.

About Lifesize

Headquartered in Austin, TX, Lifesize combines best-in-class, cloud-based video conferencing services with integrated equipment to help you present your business in the best light. Recognized as Frost & Sullivan’s Cloud Video Conferencing Vendor of the Year, Lifesize leads the industry in customer satisfaction with the world’s first 4K video conferencing solution and 4K service architecture. Together with a full suite of integrations and offerings designed for businesses of any size, Lifesize sets a new standard for workplace communication and productivity on a global scale. To see why companies like Yelp, Netflix and Major League Baseball rely on Lifesize for their mission-critical team communication, visit www.lifesize.com or follow the company @Lifesize.

Lifesize and the Lifesize logo are trademarks of Lifesize, Inc. All other trademarks are the property of their respective owners.

###

Request a Demo