Here at LogMeIn security and privacy are core tenets of every product we build. We take measures designed to ensure the security of LogMeIn’s products through our own tests as well as our long and fruitful history of working with third party researchers to identity potential vulnerabilities and fix them long before they become issues for our tens of millions of users around the globe.
One such example of the work done with a third party researcher was around an audio issue first identified by Mohamed Baset, founder of Seekurity.com. The specific issue could have permitted a bad actor, through a specific set of circumstances, to craft a malicious link and distribute it to a victim in order to entice them into an unintended GoToMeeting session. While historically most users are muted upon joining a meeting, if a user had chosen to set their meetings to start audio right away and the user had fallen prey to clicking into such a malicious webpage, the bad actor may be able to hear their target’s audio without their knowledge through the open GoToMeeting session.
Once Mr. Baset reached out to LogMeIn, our team immediately investigated and set in motion a plan to fix the reported vulnerability. We have since resolved this potential issue by ensuring that, by default, all GoToMeeting users are muted upon joining a session and would need to otherwise choose to unmute their session in GoToMeeting’s pre-session preview window available in the new GoToMeeting experience. This resolution applies to all versions of GoToMeeting including our just released new GoToMeeting. This fix also applies whether users are joining via our desktop or mobile apps or starting a meeting from a web browser.
Our company has a long history of working with third parties and white hat researchers like Mr. Baset to identify and fix bugs across our products. Whether it’s through user feedback to improve the overall product experience, to companies like Swascan who recently worked with LogMeIn to proactively address a potential vulnerability with an old server that has since been decommissioned, we value the role our partners play in keeping our users safe.
Security is a top priority for GoToMeeting and the rest of the LogMeIn portfolio and it’s through our own testing and third-party researchers that we can ensure that LogMeIn products continue to be secure each and every time you log in. We appreciate the important work white hat researchers provide in augmenting the security of our products for all of our users.
For more information on our security policies, please download our security whitepaper, which describes our approach to confidentiality, integrity and availability. You can also check out LogMeIn’s Trust Center and our recent blog post.