http://www.upi.com/International_Security/Emerging_Threats/Analysis/2008/02/01/analysis_wireless_phone_headsets_insecure/2674/ By SHAUN WATERMAN UPI Homeland and National Security Editor Feb. 1, 2008 WASHINGTON, Feb. 1 (UPI) -- Wireless phone headsets of the kind beloved by Wall Street executives and high-end law firms can be bugged by simple off-the-shelf radio scanners unless they are encrypted. "These guys are bugging their own office, essentially," security consultant Doug Shields told United Press International. He said that, for a recent client, he had used an inexpensive commercial scanner capable of monitoring frequencies in the 900 MHz and 1.2 GHz ranges, which is where many of the popular hands-free headsets operate. He said the scanner could hear conversations inside buildings as far as 600 feet away. "Sometimes, when the other party has hung up, the wireless connection remains open and you can hear what (the party at your end) is saying afterwards." >From a position across the street from his client's facility, he said, the equipment was able to record conversations by employees, including commercially sensitive information. "Some of this stuff, if you traded on it, you'd never have to work again," said Shields, a partner in Syracuse, N.Y.-based Secure Network Inc. Scott Berinato, the executive editor of Chief Security Officer magazine, told UPI he was aware of cases where the technique had been employed, among others, for corporate espionage. "Some are encrypted, most are not," he said of the commercially available headsets. "The risk is (the difficulty involved in bugging them) is reasonably trivial." [...] ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Mon Feb 04 2008 - 00:23:07 PST