|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Thor (Hammer of God) (thor
hammerofgod.com)
Date: Sat Jun 23 2007 - 13:15:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Why worry about getting them to dial out when you can just switch on the
microphone and listen? ;)
t
----- Original Message -----
From: "Robin Wood" <dninjagmail.com>
To: "PenTest" <pen-testsecurityfocus.com>
Sent: Saturday, June 23, 2007 12:27 AM
Subject: Re: listening to people/offices when on-hold on the phone
> That is the kind of thing I was thinking of. You'd have to be very
> luck to do it but you might get something.
>
> One way you might use this is if you know there are visitors in and
> the office is open plan. Find someone who sits near where the visitors
> are likely to be, i.e. somewhere around a demo pc or maybe a key
> developers desk, and try to get them with this.
>
> Just a follow on thought from this, it is possible to hack bluetooth
> to get some mobile phones to dial out. Imagine doing this to a manager
> in a meeting, get him to call a free conference line, you get on the
> other end, and you've got your own bug in the office.
>
> Robin
>
> On 6/22/07, Joel Eusebio <joeletelus.net> wrote:
>>
>> Good point. And what if you were on hold while calling from work? And
>> suddenly
>> your co-worker shouts out loud "is the password on this server
>> still....." :)
>>
>> cheers,
>>
>> Joel
>>
>>
>>
>> Quoting Robin Wood <dninjagmail.com>:
>>
>> > Hi
>> > Imagine the situation, you get a message to call someone, your call
>> > gets answered by an automated system which says there may be a few
>> > minutes wait and gives you the bad hold music. You hit the hands free
>> > button on the phone and get on with work while you wait for it to be
>> > answered.
>> >
>> > Unless you mute the call, the person/system on the other end of the
>> > call could be listening in while pretending to be on hold and
>> > potentially hear all that is going on around you.
>> >
>> > It is a random attack vector but it could allow an attacker to pick up
>> > all sorts of information. I thought about it while sitting on hold for
>> > over 30 mins trying to get through to my mobile phone support line
>> > last night. If they had been listening they would know what I had for
>> > dinner.
>> >
>> > Anyone tried listening in like this? Anyone got any comments?
>> >
>> > Robin
>> >
>> > ------------------------------------------------------------------------
>> > This List Sponsored by: Cenzic
>> >
>> > Are you using SPI, Watchfire or WhiteHat?
>> > Consider getting clear vision with Cenzic
>> > See HOW Now with our 20/20 program!
>> >
>> > http://www.cenzic.com/c/2020
>> > ------------------------------------------------------------------------
>> >
>> >
>>
>>
>>
>> ------------------------------------------------------------------------
>> This List Sponsored by: Cenzic
>>
>> Are you using SPI, Watchfire or WhiteHat?
>> Consider getting clear vision with Cenzic
>> See HOW Now with our 20/20 program!
>>
>> http://www.cenzic.com/c/2020
>> ------------------------------------------------------------------------
>>
>>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]