Vulnerability Development mailing list archives
Phone Switches + telephone banking etc
From: quentyn () fotango com
Date: Thu, 06 Jun 2002 16:53:35 +0100
I was thinking today about phone switches, many of them are connected to the internal LAN. Many of them record all the keystrokes made by the individual phones (this is the important bit). If one could compromise a phone switch (or where ever it stores it's logs) then making free calls would be a minor issue. The prize in this situation could be who phoned what bank and if you can get the key presses then if that person has used the automated telephone banking service, you will have ( at a minimum): the account number sort code any verification number has any one done any work in this area ? I know many banks ( at least in the UK) will say not to use their service through cordless phones, maybe they should increase to include corporate phone switches. Q -- ##################### Quentyn Taylor Sysadmin - Fotango ##################### RFC 882 put the dot in .com.
Current thread:
- Phone Switches + telephone banking etc quentyn (Jun 06)
- RE: Phone Switches + telephone banking etc Kit (Jun 06)
- <Possible follow-ups>
- RE: Phone Switches + telephone banking etc Kayne Ian (Softlab) (Jun 07)
- Re: Phone Switches + telephone banking etc quentyn (Jun 07)
- Re: Phone Switches + telephone banking etc hellNbak (Jun 07)
- Re: Phone Switches + telephone banking etc KF (Jun 10)
- Re: Phone Switches + telephone banking etc digitalFX (Jun 07)
- Re: Phone Switches + telephone banking etc quentyn (Jun 07)
- RE: Phone Switches + telephone banking etc ash (Jun 08)
- RE: Phone Switches + telephone banking etc Jacek Lipkowski (Jun 10)
- RE: Phone Switches + telephone banking etc Vachon, Scott (Jun 07)
- Re: Phone Switches + telephone banking etc Dave Booth (Jun 07)