T 5.13 Wiretapping of rooms using PBX terminal devices
As a matter of principle, it is possible to wiretap rooms using microphones in terminal devices. Here, two variants are differentiated. In the first case, the threat arises through the use of one terminal device. Examples include intelligent terminal devices with built-in microphones such as multimedia PCs, PDAs, mobile telephones, but also answering machines. Such terminal devices can be manipulated remotely from the public network or via the LAN to activate the built-in microphone when the corresponding functionalities are implemented (see also T 5.40 Monitoring rooms using computers equipped with microphones and cameras). A well-known example of this includes the so-called "baby watch" function available in some phones or answering machines.
In the second case, the functionality of a PBX system is exploited in combination with correspondingly equipped terminal devices. This threat arises through the misuse of the "voice calling" feature in combination with the "hands-free calling" option. This combination can cause the system to operate like an intercom system under certain circumstances, and therefore be used to wiretap a room. Normally, a short, single warning signal is generated when the microphone is activated Warning signals may be prevented by a corresponding configuration, however. Anyone able to administer a PBX system would in this case be able to wiretap any room containing a correspondingly equipped telephone from every terminal device with access to the PBX system or the system cluster.
When using VoIP softphones, there is an additional threat scenario. These applications allow the use of a multimedia PC as a telephone terminal device. The multimedia PC is generally used for other tasks as well, for example to surf the internet. Since a microphone is required to transmit voice data, it may be activated by malware under some circumstances and the environment of the PC may be wiretapped.