Telephone System Attacks

A new threat, which is often overlooked by conventional TSCM techniques, exploits the programming features available on computer-based telephone systems. All modern telephone systems are computer-based and software driven, with preprogrammed instructions to connect calls to the proper lines and extensions. This makes them highly flexible for any changes required in the telephone system configuration, as only the program needs altering. This also exposes the system to various eavesdropping attacks.

Most software eavesdropping attacks exploit the features of the telephone system. These techniques provide for monitoring all on-going telephone conversations, as well as room conversations. Reprogramming the privacy or access feature could allow passive eavesdropping of a target from another extension.

Even more alarming than the possibility of an eavesdropping attack, which could be perpetrated on-site, is one that could be performed remotely. The remote maintenance feature provides an eavesdropper the opportunity to remotely attack a telephone system.

The purpose of this feature is to allow remote off-site access, through the remote maintenance port, for system diagnosis or to reprogram the telephone system configuration. Remote access to the telephone system presents a unique threat as physical access to the telephone system wiring for surreptitious purposes is no longer necessary, therefore creating the opportunity for remote eavesdropping attacks.

A perpetrator could gain access into the telephone system program, through the remote maintenance feature, and camp onto a selected line or extension of the system, thereby enabling remote monitoring of any desired conversation. The system program could also be modified for clandestine purposes, possibly creating a software bridge tap, so that a target line or extension would also be automatically connected to another line or extension without a physical (hardwired) wire tap ever being performed.

This presents a unique threat as access to the target's telephone system wiring or instruments is not required, allowing eavesdropping attacks to be performed remotely. Software attacks are very difficult to detect, as they could occur at any time, remotely. Equally vulnerable to remote software attacks are voice mail, modems, or any convenience options which allow remote access capabilities.

Typical protection features securing most computer-based systems are easily compromised. These security features, such as callback and access codes, only offer a moderate level of protection.

The telephone system, instruments and lines are exposed to numerous methods of attack, which are difficult to detect. Most telephone instruments are centrally located to sensitive room conversations. Telephone conversations are carried along exposed and unprotected lines. The telephone system control is easily accessed, offering complete and total control, virtually undetectable. Because of these reasons, as well as others, it is understandable why eavesdropping attacks are predominantly discovered on the telephone system.