SANS ISC: InfoSec Handlers Diary Blog

The wireless wiretap

Published: 2010-09-26
Last Updated: 2010-09-26 16:50:40 UTC
by Daniel Wesemann (Version: 1)

Corporations and institutions are spending a lot of money to keep their data and voice networks protected against unauthorized access. Surprisingly enough, a lot of them seem to care a whole lot less about which wireless head-sets their staff use. A wireless head-set is, by definition, wireless, which means that anyone else in range of the signal can potentially listen in. The same rules as with WiFi apply: if the signal is not encrypted, or the encryption can be trivially broken, you are basically playing broadcast radio station for your neighborhood. All the attacker needs is a $100 "scanner" available at every *mart and *shack.

This is by no means a new problem, but one that is still quite prevalent. And I'm not talking about the baby monitors that broadcast your neighbor's kid's annoyance over its first tooth, even though these can be a serious privacy concern, too. I'm talking about hospital, university, and corporate wireless head-sets, bought on the cheap, without any regard to what sort of signal and transmission security these products actually use. If this sounds like your firm or institution, it might be a good idea to spend an hour on Monday to google for the products in use and to find out for sure if your phone equipment acts as a broadcast radio station.

Keywords: wireless