T 5.11 Loss of confidentiality of data stored in PBX systems

In PBX systems, personal and internal data is stored for longer periods of time, for example on hard disks or memory cards. Personal data includes call-charge data, configuration data, authorisations and electronic telephone books, passwords, and charge account numbers, for example. For invoice generation, PBX systems are often able to record connection datasets which at the least contain information about the subscriber number called, the time of the call, and the duration of the call. This information could be used to derive communication profiles for individual terminal devices or users. Therefore, connection data is interesting to unauthorised persons and must be protected against unauthorised access.

When operating VoIP PBX systems, voice information may also be logged very efficiently, since this is already present in a digital form. For example, all telephone calls made can be stored in their entirety on hard disks and copied to another system for later evaluation. There is the risk of such a logging function for telephone calls being enabled without authorisation and then used to attack the confidentiality of the data.

Many PBX applications work with personal data and under some circumstances forward it to other applications. Unified Messaging Systems must be mentioned specifically, where the effects of a loss of confidentiality may be severe due to the centralised collection of different message types.

The stored data may also be read and changed by the administration personnel of the telecommunication system. The type and scope of this access depends on the type of system and, if configured, the scope of the rights granted. The administration personnel are granted this access both for on-site maintenance as well as for remote maintenance purposes. When remote maintenance is outsourced, the company contracted to perform the maintenance (generally the manufacturer or a service provider) is also able to read and change the data at any time.