Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: listening to people/offices when on-hold on the phone
From: "David Gutierrez" <davegu1 () hotmail com>
Date: Mon, 25 Jun 2007 18:58:05 -0500

And how do you turn that on .


From: "Thor (Hammer of God)" <thor () hammerofgod com>
To: "Robin Wood" <dninja () gmail com>,"PenTest" <pen-test () securityfocus com>
Subject: Re: listening to people/offices when on-hold on the phone
Date: Sat, 23 Jun 2007 11:15:40 -0700
MIME-Version: 1.0
Received: from outgoing.securityfocus.com ([205.206.231.27]) by bay0-mc3-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sat, 23 Jun 2007 12:44:59 -0700 Received: from outgoing.securityfocus.com by outgoing.securityfocus.com via smtpd (for mx3.hotmail.com [65.54.244.72]) with ESMTP; Sat, 23 Jun 2007 12:37:44 -0700 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid 617B023701F; Sat, 23 Jun 2007 13:36:01 -0600 (MDT)
Received: (qmail 24070 invoked from network); 23 Jun 2007 18:32:05 -0000
X-Message-Info: LsUYwwHHNt2EFR00FEoSgsU1xMLuzsV9dWpWb3aotqi/pDSLspJnCyCGtXCuWhnT
Mailing-List: contact pen-test-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <pen-test.list-id.securityfocus.com>
List-Post: <mailto:pen-test () securityfocus com>
List-Help: <mailto:pen-test-help () securityfocus com>
List-Unsubscribe: <mailto:pen-test-unsubscribe () securityfocus com>
List-Subscribe: <mailto:pen-test-subscribe () securityfocus com>
Resent-Sender: listbounce () securityfocus com
Errors-To: listbounce () securityfocus com
Delivered-To: mailing list pen-test () securityfocus com
Delivered-To: moderator for pen-test () securityfocus com
References: <2cf3b3170706220337n7922dc65l2240ca9101de0dac () mail gmail com> <1182536195.467c12033e379 () webmail telus net> <2cf3b3170706230027k7c120e62y81c9510b066b9bf6 () mail gmail com>
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6000.16480
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16480
Resent-Message-Id: <20070623193601.617B023701F () outgoing3 securityfocus com>
Resent-Date: Sat, 23 Jun 2007 13:36:01 -0600 (MDT)
Resent-From: pen-test-return-1078484451 () securityfocus com
Return-Path: pen-test-return-1078484451-davegu1=hotmail.com () securityfocus com X-OriginalArrivalTime: 23 Jun 2007 19:44:59.0969 (UTC) FILETIME=[FC090B10:01C7B5CE]

Why worry about getting them to dial out when you can just switch on the microphone and listen? ;)

t

----- Original Message ----- From: "Robin Wood" <dninja () gmail com>
To: "PenTest" <pen-test () securityfocus com>
Sent: Saturday, June 23, 2007 12:27 AM
Subject: Re: listening to people/offices when on-hold on the phone


That is the kind of thing I was thinking of. You'd have to be very
luck to do it but you might get something.

One way you might use this is if you know there are visitors in and
the office is open plan. Find someone who sits near where the visitors
are likely to be, i.e. somewhere around a demo pc or maybe a key
developers desk, and try to get them with this.

Just a follow on thought from this, it is possible to hack bluetooth
to get some mobile phones to dial out. Imagine doing this to a manager
in a meeting, get him to call a free conference line, you get on the
other end, and you've got your own bug in the office.

Robin

On 6/22/07, Joel Eusebio <joele () telus net> wrote:

Good point. And what if you were on hold while calling from work? And suddenly your co-worker shouts out loud "is the password on this server still....." :)

cheers,

Joel



Quoting Robin Wood <dninja () gmail com>:

> Hi
> Imagine the situation, you get a message to call someone, your call
> gets answered by an automated system which says there may be a few
> minutes wait and gives you the bad hold music. You hit the hands free
> button on the phone and get on with work while you wait for it to be
> answered.
>
> Unless you mute the call, the person/system on the other end of the
> call could be listening in while pretending to be on hold and
> potentially hear all that is going on around you.
>
> It is a random attack vector but it could allow an attacker to pick up
> all sorts of information. I thought about it while sitting on hold for
> over 30 mins trying to get through to my mobile phone support line
> last night. If they had been listening they would know what I had for
> dinner.
>
> Anyone tried listening in like this? Anyone got any comments?
>
> Robin
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>
>



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

_________________________________________________________________
Picture this – share your photos and you could win big! http://www.GETREALPhotoContest.com?ocid=TXT_TAGHM&loc=us


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault