Mr. Moore has found it easy to get into several top venture capital and law firms, pharmaceutical and oil companies and courtrooms across the country. He even found a path into the Goldman Sachs boardroom. “The entry bar has fallen to the floor,” said Mike Tuchen, chief executive of Rapid7. “These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them.”

Ten years ago, videoconferencing systems were complicated and erratic, and ran on expensive, closed high-speed phone lines. Over the last decade, videoconferencing — like everything else — migrated to the Internet. Now, most businesses use Internet protocol videoconferencing — a souped-up version of Skype — to connect with colleagues and customers. Most of these new systems were designed with visual and audio clarity — not security — in mind.

Rapid7 discovered that hundreds of thousands of businesses were investing in top-quality videoconferencing units, but were setting them up on the cheap. At last count, companies spent an estimated $693 million on group videoconferencing from July to September of last year, according to Wainhouse Research.

The most popular units, sold by Polycom and Cisco, can cost as much as $25,000 and feature encryption, high-definition video capture, and audio that can pick up the sound of a door opening 300 feet away. But administrators are setting them up outside the firewall and are configuring them with a false sense of security that hackers can use against them.

Whether real hackers are exploiting this vulnerability is unknown; no company has announced that it has been hacked. (Nor would one, and most would never know in any case.) But with videoconference systems so ubiquitous, they make for an easy target.