[ISN] UK smoking ban opens doors for hackers

From: InfoSec News (alerts@private)
Date: Thu Feb 15 2007 - 00:10:51 PST


By Robert Jaques
14 Feb 2007

Security experts today warned that the impending total ban on smoking in 
UK workplaces could be used by social engineering hackers to steal 
sensitive corporate data.

In a recent exercise undertaken by security consultancy NTA Monitor, a 
tester was able to gain access to a corporate building through a back 
door that was left open for smokers.

Once inside, the tester requested to be taken to a meeting room, 
claiming that the IT department had sent him. Even without a pass, he 
gained access unchallenged and was able to connect his laptop to the 
VoIP network via a telephone point.

Roy Hills, technical director at NTA Monitor, said: "It used to be that 
companies 'left the back door open' in terms of internet security. Now 
they are literally leaving their buildings open to accommodate smokers.

"We are experiencing a surge in demand for social engineering tests as 
hackers are turning to social techniques to infiltrate corporate 

He added that the exercise proves that once inside a corporate building, 
an attacker can use social methods on employees to gain access to 
restricted areas and information.

Subscribe to the InfoSec News RSS Feed

This archive was generated by hypermail 2.1.3 : Thu Feb 15 2007 - 00:29:28 PST