Definition

eavesdropping

What is eavesdropping?

Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, videoconference or fax transmission. The term eavesdrop derives from the practice of actually standing under the eaves of a house, listening to conversations inside.

VoIP systems that don't use encryption make it relatively easy for an intruder to intercept calls. Here's Gary Audin's explanation:

  • Eavesdropping is easier to perform with IP-based calls than TDM-based calls. Any protocol analyzer can pick and record the calls without being observed by the callers. There are software packages for PCs that will convert digitized voice from standard CODECs into WAV files.
  • The speakerphone function can be turned on remotely, with the caller on mute so that there is no sound coming from the phone. This has happened with some IP phones in executives' offices. Their offices can be listened to without their knowledge.
  • PCs and laptops that have microphones attached or integrated into them can be enabled as listening devices without the user's knowledge. There is a rootkit available for this purpose.
Even systems that do use encryption can be vulnerable, however. In August 2009, Symantec issued a security bulletin about a wiretap Trojan know as Peskyspy. Peskyspy was designed to access Skype call audio before it was encrypted.

Eavesdropping on a conventional telephone line through technical methods is known as wiretapping.

Learn More About IT:
> Whitfield Diffie and Susan Landau write about how Internet eavesdropping relates to espionage, privacy and security.
> Here's Gary Audin's article about VoIP security fundamentals.

Contributor(s): Gary Audin
This was last updated in September 2009
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchFinancialSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: