Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Phone Switches + telephone banking etc

From: quentyn () fotango com
Date: Thu, 06 Jun 2002 16:53:35 +0100
I was thinking today about phone switches, many of them are connected to
the internal LAN. Many of them record all the keystrokes made by the
individual phones (this is the important bit). If one could compromise a
phone switch (or where ever it stores it's logs) then making free calls
would be a minor issue. The prize in this situation could be who phoned
what bank and if you can get the key presses then if that person has
used the automated telephone banking service, you will have ( at a
minimum):

 the account number 
 sort code
 any verification number


has any one done any work in this area ?

I know many banks ( at least in the UK) will say not to use their
service through cordless phones, maybe they should increase to include
corporate phone switches.



Q
 
-- 
#####################
Quentyn Taylor
Sysadmin - Fotango
#####################
RFC 882 put the dot in .com.
Previous By Date Next
Previous By Thread Next

Current thread: