Tech Tracker: Can Passive Radio Eavesdroppers Listen In On Your Company? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Mobile & Wireless
04:45 PM
Mike Fratto
Mike Fratto
Connect Directly

Tech Tracker: Can Passive Radio Eavesdroppers Listen In On Your Company?

Any wireless device is a potential bug for 900-MHz band scanning.

Think you only need to worry about attackers tapping into your wireless LAN? Then visualize this scenario: It's 9 a.m., and your employees are getting down to business. Our villain, Dave, orders a latte and takes a seat at a curbside table across from your building. He pulls out a laptop and a handheld police scanner he picked up in Canada, plugs in an earbud, and starts scanning the 900-MHz band.

Within a few minutes, Dave is listening to Mary in accounting talking to her counterpart at an acquisition target. He moves on and finds a call between the help desk and an employee who lost her password. Dave jots down a few notes and moves on. In about three hours, he's collected employee and server names, passwords, and customer contacts. He's listened in on a high-level strategy session and a CEO talking to his VP of development. Armed with this information, Dave can easily con his way into the building and access sensitive data.

InformationWeek Reports

Not bad for a $300 radio, a $4.50 latte, and no chance of detection.

Managing a miasma of mobile devices? Maximize your security options.
Passive radio eavesdropping is a low-budget, relatively safe way for potential attackers to scout out targets. Anyone in your organization using a wireless headset or cord-less phone is potentially broadcasting sensitive material. All an attacker needs is a scanner set to the right frequency range and some patience. We tested this exploit with a cordless phone, but any analog wireless device can be monitored with consumer-grade scanners. The proliferation of wireless systems, for example, offers ample opportunity to listen in. Many audio systems found in conference rooms for recording meetings and conference calls, if they incorporate wireless stations, simply broadcast at 450 or 900 MHz the conversations in the room, regardless of whether the unit is recording or connected to a conference call.

The product is the bug.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 3
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll