Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site hydra.UUCP Path: utzoo!linus!philabs!cmcl2!harvard!think!mit-eddie!cybvax0!frog!hydra!die From: die@hydra.UUCP (Dave Emery) Newsgroups: net.unix-wizards,net.dcom Subject: Does your PBX include a dial-a-wiretap ? Message-ID: <140@hydra.UUCP> Date: Wed, 6-Nov-85 21:58:44 EST Article-I.D.: hydra.140 Posted: Wed Nov 6 21:58:44 1985 Date-Received: Sat, 9-Nov-85 06:33:25 EST Reply-To: die@crds .UUCP (David I. Emery) Followup-To: !decvax!frog!die Distribution: net Organization: Charles River Data Systems, Framingham MA Lines: 36 Keywords: security PBX wiretap trojan-horse Xref: linus net.unix-wizards:12805 net.dcom:1242 Many organizations use modern computer based PBX systems that use microprocessors to control routing of calls from incoming CO trunks to individual lines and subscribers. Many use standard microprocessors with PROM or even loadable RAM used to store the control program. I wonder what prevents those with some sort of criminal interest in conversations or data flowing through the pbx lines from hacking the code so as to provide a dial-a-wiretap facility that would pass a listen only copy of traffic flowing through the switch to a particular line or even to a line outside of the PBX reached through one of it's trunks? And how can a user be assured that the firmware in his PBX doesn't include such a dial-a-wiretap put in by the PBX supplier for testing and debugging the pbx hardware? How can one be sure that there isn't some magic code that allows one to listen in on ones neighbor - as is well known, early releases of UNIX had just such a boobytrap carefully hidden in the root password checking. Source code for pbx control firmware isn't available anywhere so carefully checking it is not an option... In some office environments management has been caught listening in to employee conversations by more conventional wiretaps, either out of purient interest in employee sex lives, a desire to control use of phones for personal purposes, or in some more sinister cases out of paranoid fears that certain employees were plotting to quit to set up their own business, or displace the paranoid manager or something similar. What prevents such management from obtaining the black magic codes to dial a wiretap or even hiring someone to hack their PBX ? The evidence would be much harder to find than wires leading to a tape recorder or bugs radiating rf energy ... And how common is PBX hacking anyway - criminal or not ? David I. Emery Charles River Data Systems 617-626-1102 983 Concord St., Framingham, MA 01701. uucp: decvax!frog!die