Penetration Testing mailing list archives
Re: listening to people/offices when on-hold on the phone
From: "David Gutierrez" <davegu1 () hotmail com>
Date: Mon, 25 Jun 2007 18:58:05 -0500
And how do you turn that on . From: "Thor (Hammer of God)" <thor () hammerofgod com> To: "Robin Wood" <dninja () gmail com>,"PenTest" <pen-test () securityfocus com> Subject: Re: listening to people/offices when on-hold on the phone Date: Sat, 23 Jun 2007 11:15:40 -0700 MIME-Version: 1.0Received: from outgoing.securityfocus.com ([205.206.231.27]) by bay0-mc3-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sat, 23 Jun 2007 12:44:59 -0700 Received: from outgoing.securityfocus.com by outgoing.securityfocus.com via smtpd (for mx3.hotmail.com [65.54.244.72]) with ESMTP; Sat, 23 Jun 2007 12:37:44 -0700 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid 617B023701F; Sat, 23 Jun 2007 13:36:01 -0600 (MDT)
Received: (qmail 24070 invoked from network); 23 Jun 2007 18:32:05 -0000X-Message-Info: LsUYwwHHNt2EFR00FEoSgsU1xMLuzsV9dWpWb3aotqi/pDSLspJnCyCGtXCuWhnT
Mailing-List: contact pen-test-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <pen-test.list-id.securityfocus.com> List-Post: <mailto:pen-test () securityfocus com> List-Help: <mailto:pen-test-help () securityfocus com> List-Unsubscribe: <mailto:pen-test-unsubscribe () securityfocus com> List-Subscribe: <mailto:pen-test-subscribe () securityfocus com> Resent-Sender: listbounce () securityfocus com Errors-To: listbounce () securityfocus com Delivered-To: mailing list pen-test () securityfocus com Delivered-To: moderator for pen-test () securityfocus comReferences: <2cf3b3170706220337n7922dc65l2240ca9101de0dac () mail gmail com> <1182536195.467c12033e379 () webmail telus net> <2cf3b3170706230027k7c120e62y81c9510b066b9bf6 () mail gmail com>
X-MSMail-Priority: Normal X-Mailer: Microsoft Windows Mail 6.0.6000.16480 X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16480 Resent-Message-Id: <20070623193601.617B023701F () outgoing3 securityfocus com> Resent-Date: Sat, 23 Jun 2007 13:36:01 -0600 (MDT) Resent-From: pen-test-return-1078484451 () securityfocus comReturn-Path: pen-test-return-1078484451-davegu1=hotmail.com () securityfocus com X-OriginalArrivalTime: 23 Jun 2007 19:44:59.0969 (UTC) FILETIME=[FC090B10:01C7B5CE]
Why worry about getting them to dial out when you can just switch on the microphone and listen? ;)
t ----- Original Message ----- From: "Robin Wood" <dninja () gmail com> To: "PenTest" <pen-test () securityfocus com> Sent: Saturday, June 23, 2007 12:27 AM Subject: Re: listening to people/offices when on-hold on the phone
That is the kind of thing I was thinking of. You'd have to be very luck to do it but you might get something. One way you might use this is if you know there are visitors in and the office is open plan. Find someone who sits near where the visitors are likely to be, i.e. somewhere around a demo pc or maybe a key developers desk, and try to get them with this. Just a follow on thought from this, it is possible to hack bluetooth to get some mobile phones to dial out. Imagine doing this to a manager in a meeting, get him to call a free conference line, you get on the other end, and you've got your own bug in the office. Robin On 6/22/07, Joel Eusebio <joele () telus net> wrote:Good point. And what if you were on hold while calling from work? And suddenly your co-worker shouts out loud "is the password on this server still....." :)cheers, Joel Quoting Robin Wood <dninja () gmail com>: > Hi > Imagine the situation, you get a message to call someone, your call > gets answered by an automated system which says there may be a few > minutes wait and gives you the bad hold music. You hit the hands free > button on the phone and get on with work while you wait for it to be > answered. > > Unless you mute the call, the person/system on the other end of the > call could be listening in while pretending to be on hold and > potentially hear all that is going on around you. > > It is a random attack vector but it could allow an attacker to pick up > all sorts of information. I thought about it while sitting on hold for > over 30 mins trying to get through to my mobile phone support line > last night. If they had been listening they would know what I had for > dinner. > > Anyone tried listening in like this? Anyone got any comments? > > Robin >> ------------------------------------------------------------------------> This List Sponsored by: Cenzic > > Are you using SPI, Watchfire or WhiteHat? > Consider getting clear vision with Cenzic > See HOW Now with our 20/20 program! > > http://www.cenzic.com/c/2020> ------------------------------------------------------------------------> > ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ _________________________________________________________________Picture this share your photos and you could win big! http://www.GETREALPhotoContest.com?ocid=TXT_TAGHM&loc=us
------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- listening to people/offices when on-hold on the phone Robin Wood (Jun 22)
- Re: listening to people/offices when on-hold on the phone Jarrod Frates (Jun 22)
- Re: listening to people/offices when on-hold on the phone Joel Eusebio (Jun 22)
- Message not available
- Re: listening to people/offices when on-hold on the phone Robin Wood (Jun 24)
- Message not available
- Re: listening to people/offices when on-hold on the phone rajat swarup (Jun 26)
- <Possible follow-ups>
- Re: listening to people/offices when on-hold on the phone ebk_lists (Jun 22)
- Re: listening to people/offices when on-hold on the phone David Gutierrez (Jun 25)