IT Baseline Protection Manual T 5.38 Misuse of remote inquiry
T 5.38 Misuse of remote inquiry
If third parties get to know the access code of an answering machine, they can use the remote inquiry to abuse a large number of the functions of the answering machine. The most sensitive functions which can be accessed and therefore abused with remote inquiry are:
Room monitoring
The room monitoring function activates the microphone of the answering machine, thus bugging the room. A fact that should be mentioned is that very few types of answering machine clearly indicate bugging by an acoustic signal, the standard indicator only consists of one LED.
If this function is activated in an abusive manner during the absence of the called party, an activated monitoring of the room will not be noticed after the called party returns. All conversation inside that room will be bugged without being noticed.
Unauthorised monitoring or deletion of stored messages
Incoming messages can be monitored (without authorisation) and also deleted. The consequential damage depends on the sensitivity of the recorded information.
Modifying or deleting of stored outgoing messages
Some types of answering machine allow the deletion of the outgoing message by a remote inquiry, thus putting the answering machine out of action. It is also possible to confuse callers by specific incorrect information.
Modification of stored call numbers used for the call-transfer or call-forwarding mode
The facility call-notification makes the answering machine dial a preset telephone number automatically after receiving a call. If the called subscriber responds, a particular acoustic signal or reminder text is sent by the answering machine to indicate that a call has been recorded. Some answering machines then automatically replay the recorded call. Mostly however, the replaying of the call has to be activated by first entering a security code. In the call-forwarding mode, the calling party is routed to a preset telephone number.
On deactivation of the call notification or call-forwarding mode, these functions will not be executed any more, this means that the user can no longer be notified of important calls. By re-programming these functions, it is possible to re-route calls arbitrarily, e.g. to an information service with charges.
Re-winding and fast-forwarding a tape
Some answering machines with an analogue recording unit allow a remote fast-forwarding or re-winding of the tape. Fast-forwarding the tape to the end prevents the recording of subsequent calls. Re-winding the tape causes the messages already recorded to be erased by subsequent ones.
Modes of telecontrol
Some answering machines allow electrical equipment to be turned on and off remotely. The damage arising from misuse of this feature depends on the function and significance of the connected equipment.
Turning off the answering machine
Some answering machines can be turned off remotely so that their functions are no longer available.