Projecting Insecurity: Ethical Hacking of Collaborative Wireless Display Systems
Abstract
This study investigates the vulnerabilities of Solstice Pods, wireless collaboration devices used in academic and organizational environments, by identifying exposed devices through internet search platforms such as Censys.io and Shodan. The research focuses on unauthorized access to device configuration pages and session key retrieval without authentication. The study found that, through specific queries in Censys.io, pentesters were able to access the main screen and configuration pages of Solstice Pods, including those from 10 universities across the United States. A total of 66 fully vulnerable devices were discovered across the universities. Exposed settings allowed the manipulation of crucial configurations, including disabling the screen key and changing the device password, as well as access to confidential data. In addition, appending specific text to the device’s URL enabled the retrieval of the session keys used for screen sharing, which are dynamic and essential for content sharing. The results reveal high security risks, including unauthorized screen hijacking, data interception, and other malicious activities. Findings were reported to the relevant organizations, which responded with various actions, including further investigation and mitigation efforts. This paper emphasizes the need for robust security measures for Solstice Pods in academic and professional settings.