Tech Tracker: Can Passive Radio Eavesdroppers Listen In On Your Company?

Any wireless device is a potential bug for 900-MHz band scanning.

Think you only need to worry about attackers tapping into your wireless LAN? Then visualize this scenario: It's 9 a.m., and your employees are getting down to business. Our villain, Dave, orders a latte and takes a seat at a curbside table across from your building. He pulls out a laptop and a handheld police scanner he picked up in Canada, plugs in an earbud, and starts scanning the 900-MHz band.

Within a few minutes, Dave is listening to Mary in accounting talking to her counterpart at an acquisition target. He moves on and finds a call between the help desk and an employee who lost her password. Dave jots down a few notes and moves on. In about three hours, he's collected employee and server names, passwords, and customer contacts. He's listened in on a high-level strategy session and a CEO talking to his VP of development. Armed with this information, Dave can easily con his way into the building and access sensitive data.

Not bad for a $300 radio, a $4.50 latte, and no chance of detection.

Passive radio eavesdropping is a low-budget, relatively safe way for potential attackers to scout out targets. Anyone in your organization using a wireless headset or cord-less phone is potentially broadcasting sensitive material. All an attacker needs is a scanner set to the right frequency range and some patience. We tested this exploit with a cordless phone, but any analog wireless device can be monitored with consumer-grade scanners. The proliferation of wireless systems, for example, offers ample opportunity to listen in. Many audio systems found in conference rooms for recording meetings and conference calls, if they incorporate wireless stations, simply broadcast at 450 or 900 MHz the conversations in the room, regardless of whether the unit is recording or connected to a conference call.

The product is the bug.