An article on today's Slashdot about how a penetration tester was able to break into a bank's computer network caught my attention today. See First-Person Account of a Social Engineering Attack.
I have always been interested in social engineering attacks after reading the story of Kevin Mitnick. A lot of people are simply not aware of how simple it is to gather simple information by gaining their trust or simply by snooping around.
I just thought of an attack for snooping on someone's phone messages. This will only work on phones with an LCD display.
Me: Hi XXX, I left you a message but I did not hear back from you.
Him: Oh, OK. I will check it now.
Me: Great.
He then proceeds to check the messages. Of course, he will not have had a message from me.
Him: I did not get a message from you.
Me: Can I use your phone to call mine and make sure that everything is OK? Hey, can you grab me that pencil over there?
Once he is distracted, I hit redial and voilà, his voice mail number and most probably his password will appear on the screen. However, this attack did not work on my Samsung phone.
Thursday, November 30, 2006