John Walker

Job title:
CEO, Secure Bastion LTD

Areas of expertise:
Professor John Walker: FBCS CITP CISM CRISC ITPC

Biography:
CEO of Secure-Bastion Ltd, Practicing Expert Witness, Visiting Professor at Nottingham Trent University. Fellow of the BCS, and holds CITP (BCS), CISM and CRISC (ISACA), and UK Government ITPC. Chair of the London ISACA Chapter Security Advisory Group (SAG), ENISA CEI Listed Expert, and Editorial Board Member of CSRI.

Spies like Us

The discoveries of widespread hacking, and concerns about Cell and SmartPhone security, have set a notable mood of paranoia in motion, with concerns around the security aspects of telephony. However, this exposure is absolutely nothing new, and the associated threats posed today have in fact been around for at least 20 years. So, to understand these threats and their history, let us take a quick trip back in time.

Most seasoned security professionals worth their salt will be aware of John Draper (AKA Cap’n Crunch), and of course his association with the numeric value of 2600 – which is not only a very well respected Hacking Quarterly Magazine, but also actually represents the 2600 Hz frequency (hertz) which was used by AT&T as a steady signal to mark unused long distance telephone lines – and herein lies the early birth of Hacking, or to be exact, Phreaking.

It was around this time that the famous Blue Box arrived on the Phreaking scene, assisting the determined user to exploit and access long range calls at zero cost. And whilst on the theme of Phreaking, it was in the early seventies that the breakfast cereal Cap’n Crunch gave away a plastic toy whistle. However, as it turned out, by a quirk of fate, this simple toy also mimicked the 2600 Hz signal as used by AT&T, and very soon this small plastic device became the well-known tool-of-opportunity to again leverage zero cost long distance telephone calls, by simply blowing down the line, and then bypassing that small matter of the billing system!
 
Coming a little more up to date, whilst this is by no means rocket science, do you remember those simple telephone handset dial locks, which were used to secure office telephones outside of normal office hours? The problem was, they were very ineffective, and it was just a simple matter of tapping in the required number, by simply tapping the receiver cradle, with ‘1’ tap for ‘1’, and ‘10’ for ‘0’ – very simple, but as I recall, most effective.

Then came the era of the Answer Machine, but here again, the same exposures that are in the news today applied, which could be employed to access, delete, rewind the tape, or record over the legitimate user answer message. Again, it was just a case of identifying the device, inputting the key sequence to take control, and then either entering the default code, or taking one’s time to locate those three magic digits – as I said earlier, this is not rocket science.

And this brings us up to date with the current day phone hacking activities. Again, these have nothing at all to do with smart attacks and complicated hacking techniques, but are more a case of exploiting the configurations that the owner user has left in place as a default setting.
 
This then brings us up to date to the host of low cost simple applications which may be installed onto a handset to compromise the perceived local level of user privacy and security – and last but not least we have some of those well-known applications such as Bluesnarf which may be utilised to compromise a target asset.

But what about the future? Well, enter VoIP: its many attributes, along with the possibility of having its Call Manager placed online, accessible, and sometimes exploitable from the Internet, should give us room to pontificate on how some corporate systems have been deployed, configured, and left operational!

And then we have the SmartPhone, with its always-on access to the Internet, Bluetooth, WiFi, and a plethora of well-known applications, which the user may install with ease, leading to potential compromise of their local security.

Yes, the News of the World certainly did get carried away, but maybe they have done us all a good turn – never before can I recall such a widespread Security Awareness Campaign that has alerted the public to the effects of hacking, and their own personal security and exposure!
 

Posted 21/07/2011 by John Walker

Tagged under: Cell Phones, SmartPhone, Hacking
