|
|
Nowadays, many IT systems are equipped with microphones. The microphone on a computer connected to a network can be used by anyone with access rights to the relevant device files (e.g. /dev/audio for UNIX, a Registry under Windows NT). Failure to exercise due caution over the granting of such access rights could result in persons other than the intended users gaining access and hence being able to misuse the microphone for eavesdropping purposes.
Example:
In March 2001 a television business programme showed how it is possible to bug a room using the microphone on a laptop that is connected to an ISDN telephone line. This was demonstrated using a laptop of a German politician. First of all she was sent a faked virus warning by e-mail, telling her to open a protection program enclosed as an attachment. But this program contained a Trojan horse which later established a connection to the outside over the ISDN line and transmitted the telephone number.
It was then possible for the computer to be telephoned from outside without the user having any visual or auditory information that this was going on. The microphone installed on the laptop was then activated over the open connection and the sounds in the room were transmitted to the outside.
| © Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
last update: July 2001 |