Tech Tracker: Can Passive Radio Eavesdroppers Listen In On Your Company? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Mobile & Wireless
News
7/30/2008
04:45 PM
Mike Fratto
Mike Fratto
Features
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Tech Tracker: Can Passive Radio Eavesdroppers Listen In On Your Company?

Any wireless device is a potential bug for 900-MHz band scanning.

Think you only need to worry about attackers tapping into your wireless LAN? Then visualize this scenario: It's 9 a.m., and your employees are getting down to business. Our villain, Dave, orders a latte and takes a seat at a curbside table across from your building. He pulls out a laptop and a handheld police scanner he picked up in Canada, plugs in an earbud, and starts scanning the 900-MHz band.

Within a few minutes, Dave is listening to Mary in accounting talking to her counterpart at an acquisition target. He moves on and finds a call between the help desk and an employee who lost her password. Dave jots down a few notes and moves on. In about three hours, he's collected employee and server names, passwords, and customer contacts. He's listened in on a high-level strategy session and a CEO talking to his VP of development. Armed with this information, Dave can easily con his way into the building and access sensitive data.

InformationWeek Reports

Not bad for a $300 radio, a $4.50 latte, and no chance of detection.

DIG DEEPER
SECURITY IN NUMBERS
Managing a miasma of mobile devices? Maximize your security options.
Passive radio eavesdropping is a low-budget, relatively safe way for potential attackers to scout out targets. Anyone in your organization using a wireless headset or cord-less phone is potentially broadcasting sensitive material. All an attacker needs is a scanner set to the right frequency range and some patience. We tested this exploit with a cordless phone, but any analog wireless device can be monitored with consumer-grade scanners. The proliferation of wireless systems, for example, offers ample opportunity to listen in. Many audio systems found in conference rooms for recording meetings and conference calls, if they incorporate wireless stations, simply broadcast at 450 or 900 MHz the conversations in the room, regardless of whether the unit is recording or connected to a conference call.

The product is the bug.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
News
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Commentary
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll