Friday, November 30, 2007

Cisco confirms ability to eavesdrop on remote calls using its VoIP phones

Cisco confirmed it is possible to eavesdrop on remote conversations using Cisco VoIP phones.

In its security response, Cisco says: "an attacker with valid Extension Mobility authentication credentials could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream."


Cisco adds that Extension Mobility authentication credentials are not tied to individual IP phones and that "any Extension Mobility account configured on an IP phone's Cisco Unified Communications Manager/CallManager (CUCM) server can be used to perform an eavesdropping attack." (more)

Thursday, November 29, 2007

Ditch the Grid - Black Hole Your Cell - $12.00

If you are concerned about people or governments covertly turning your cell phone 'on' and listening to you behind your back, this is for you!

Smother your mobile in The Black Hole. No one will be able to eavesdrop or know your location. Your phone will become deaf, dumb and blind.

Or, you could just turn your phone off. Ok, pluck out the battery, too. Heck, go all out, a la Unabomber or Clifford Stoll (buy one of his Klein Steins, too). Shun technology altogether! (more)

SpyCam Story #409 - "Dumkoff..."

German police have arrested a 60-year-old landlord after discovering he used cameras and microphones to spy on his tenants for a decade while they bathed and slept.

The man had installed surveillance in the bedrooms, bathrooms and living areas of two flats 10 years ago ... one of his tenants discovered the bugging last week while she was cleaning the flat.

Police suspect he had sexual motives... "Why do you think someone would put a camera in the bathroom -- to see if it was being cleaned correctly?" asked Bavarian police spokesman Ulrich Poepsel. (more)

Wiretapping Just The Start of VoIP's Security Woes

Security experts are once more urging businesses and consumers to be wary of wiretapped Voice over IP (VoIP) calls -- as well as the vast number of potentially worse IP telephony vulnerabilities to which they may be exposed.

Last week, U.K. security researcher Peter Cox introduced a proof-of-concept that showed how easily Voice over IP phone calls could be intercepted. Cox, the former chief technology officer and co-founder of security vendor Borderware, successfully captured phone calls over a period of several months with a prototype Session Initiation Protocol (SIP) call monitoring tool.

The demonstration came as only the latest reminder that VoIP is vulnerable to monitoring. But experts warn that wiretapping is only the tip of the iceberg. (more)

SpyCam Story #408 - "Looky here, looky here!"

Sticks out like a sore thumb...
...but, would you notice it?

The buried cable pole camera system is a unique structure that conceals the camera, battery supply, and wireless video transmitter in an enclosure that can be placed in many residential and urban areas without drawing suspicion. This system comes with a Part 15 2.4 GHz transmitter, but can be upgraded to the Part 90 2.4 GHz transmitter for greater range.

Specifications:
• Buried Fiber Optic Marker Pole
• 16mm Black and White Environmental Camera
• 2.4GHz Part 15 Transmitter and Receiver
• Ground Spike for Installing the Pole
• Also available in a camouflage model.
(more)

Alert - Cisco IP Phone Eavesdropping Issue

From FrSIRT...
A vulnerability has been identified in Cisco Unified IP Phone, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error within the Extension Mobility feature, which could allow an attacker with valid Extension Mobility authentication credentials to cause a vulnerable device configured to use the Extension Mobility feature (disabled by default) while the internal web server is enabled (enabled by default) to transmit or receive a Real-Time Transport Protocol (RTP) audio stream. (more)

Translation...
This series of phones can be remotely eavesdropped upon.

Wednesday, November 28, 2007

Alert - The $7.95 Wireless Wiretap

On sale NOW at over 30 Internet shops.

Features: (from web advertising)
• Bug is only the size of a quarter.
• Transmits both sides of a telephone conversation to any FM radio.
• No battery needed.
• Complete with PC Board and Instruction Book
• Do it yourself kit form.
• Makes a great educational project.

When was the last time you had your telephones checked?

Eavesdropping on VoIP Phones Demonstrated

An expert has released a proof-of-concept program to show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology.

Called SIPtap, the software is able to monitor multiple voice-over-IP call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need to do would be to infect a single PC inside the network with a Trojan incorporating these functions, (see our USB memory stick warnings) although the hack would work at the Internet service provider level as well.

SIPtap demonstrates that the worst-case nightmares of VoIP vulnerability are now well within the capabilities of organized crime, which could use such a program to steal confidential data from companies, governments and even the police. (more)

SpyCam Story #407 - Killer Mum Bugged

Killer mum's room bugged with spy cameras

Australia - Child protection authorities at Brisbane's Mater Children's Hospital were so concerned that a baby might be harmed by its mother they had his room bugged with hidden spy cameras, a court has heard.

But no one was watching the night eight-month-old Bray Metius was smothered to death in his cot by model mum Candaneace Lea Metius... (Two days before Bray's death, a decision was made to stop monitoring the footage.)

Metius, 24, who taught parenting classes and won an award for her volunteer work, has admitted to suffocating her son during an "out of body" experience... (more)

Mexico expands electronic surveillance

Mexico is widening its capacity for electronic surveillance, using funds from Washington to expand its ability to tap telephone calls and e-mail. The expansion comes as new President Felipe Calderon pushes to amend the Mexican Constitution to allow phone taps without a judge's approval in some cases... The new system provides extensive data storage capacity and will allow voice identification of callers... (more)

Myth - "Eavesdropping Detection is expensive."

Today's article in Forbes Magazine, "If Security Is Expensive, Try Getting Hacked," by Andy Greenberg, is a great cautionary tale. Andy clearly shows why your IT department's security budget is a good investment in your company's bottom line.

A sister article entitled "If Security Is Expensive, Try Getting Bugged" is just as easy to document. Periodic sweeps for bugs and wiretaps (TSCM inspections) can be an even better investment in your company's bottom line. Fund both.

In a nutshell...
Intelligence collection is a leisurely process. Enemies quietly collect long before they use. Until they use what they have gathered no harm is done. Knowing this gives you the edge.

• Eavesdropping is not the goal. It is a means to an end.
• Eavesdropping is a key component of intelligence gathering.
• Eavesdropping is the one spy trick which is easily detectable.


Protection Requires Detection

Eavesdropping detection audits exploit weaknesses inherent in electronic surveillance.  


Knowing someone is interested in you provides time to counter - before harm is done.

Tuesday, November 27, 2007

Alert - Throw These Bums Out!

Bum One...
The FM analog wireless presenter's microphone – one of the Top 5 corporate eavesdropping threats. Why?
No secret. Radio waves travel. A quarter mile is the advertised standard. Interception of an FM analog signal is easy. Safer solutions exist. Throw these bums out. (Murray Associates - Case History)

Bum Two...
Any meeting planner who still uses FM analog wireless microphones for your sensitive presentations or meetings. Educate them. Give them a chance to change. If they don't, your sensitive meetings become Town Hall Meetings. Throw these bums out.


Bum Three...
Any security director or security consultant who does not point out the dangers of FM analog wireless microphones. They have an obligation to stand up to meeting planners and AV crews. They have an obligation to recommend one of the several, more secure, options available. If they don't, throw these bums out.

Bum Four...
These days, any AV production company that doesn't invest in digital, encrypted wireless microphones for their clients is stupidly cheap. For years, they hid behind excuses like "digital technology is not reliable enough," and "it lacks fidelity." Those days are over.

You pay these guys hundreds of thousands each year to produce your corporate events. The least they can do is update their equipment (a one-time investment).


They KNOW they are leaking your sensitive/secret information when they continue to use FM analog wireless microphones. Not upgrading to secure communications is negligence on their part. Demand secure wireless microphones, or... throw these bums out.

The New Wireless Mics Can Make Your Meetings More Secure.
Some even have encryption capabilities!

The Newest Solution...
SpectraPulse™ Ultra Wideband (UWB) Wireless Microphone System

Additional Digital Choices...
Lectrosonics (...and an Encryption White Paper)
Zaxcom
Mipro ACT-82
Telex SAFE-1000

Infrared Choices...
Glonetic Audio
PA-System
Azden

SpyBuster's Tip #106 - Eye-Fi

You see someone on your property taking photos with a digital camera.

"Not allowed," you tell them.

"My mistake, I'll erase them right now and put the camera away," they say. "Watch."
faba daba zap - pooffff
Camera shows empty.

No more photos.
Case closed.
Security wins again.

Not so fast...
Those photos might have zapped their way to a web-based storage site, or a nearby computer (check their knapsack), the instant they were taken - thanks to Eye-Fi, a new wireless memory card for digital cameras. (more)

Like other electronic spying tricks...
You need to know what to look for, before you know to look for them. ~ Kevin

Monday, November 26, 2007

Mall Rats - Eating Your Wireless Data

Do you think twice when typing in your credit card number online, but have no problem handing over your plastic card at a store? Well actually, you may have it backward. Your personal information may be more secure in cyberspace than at the mall down the road.

That's because it's easier for dot-coms to protect the data. And most stores in America underestimate how vulnerable they are.

As correspondent Lesley Stahl reports, it's becoming a big problem. The retail industry got a wake-up call earlier this year, when TJX, the parent company of T.J. Maxx and Marshalls, disclosed it had suffered the worst high-tech heist in shopping history. Hackers raided the company's computer system, taking off with tens of millions of records. And what we have learned is: TJX could have prevented it. (more & video)

Mom and Pop Spy Shop

In an upper-middle class suburb in the Midwest, Tom and Cindy are spying on their 16-year-old daughter Jane.

“It’s a frightening window on our daughter’s world,” Cindy told CBS News science and technology correspondent Daniel Sieberg. “And it’s the dark side.”

They asked that CBS News conceal their identities, because their daughter doesn’t know they are tapping into all her online communications.

But then the dilemma - do they confront her with their knowledge and blow their cover? (more - with video)

Professional spy agencies face the same dilemma daily. The question they don't face, however, is... "Is spying really the best parenting skill that I have?"