A largely unknown function within the Metasploit framework has been upgraded to allow phone calls to be recorded and then trawled for sensitive information.
The powerful microphone recording function has existed for about two years and is helpful in penetration tests, yet is rarely used.
Rapid7 Metasploit developer Wei Chen, known as Sinn3r, says the feature was upgraded two weeks ago from a basic Meterpreter command to a cross-platform post module which can record multiple phone calls.
"Say you've successfully recorded a bunch of people's meetings through their compromised laptops in WAV (format)," Wei says in a post. "Maybe there's some goodies in these files -- passwords, company secrets, operations, future plannings."
A speech recognition service can then be used to automatically locate the valuable data by keyword search.
"The quality of your results depends on several things: How clearly the sound was captured, how many keywords you're searching, etc."
The function was accidentally killed off a year ago thanks to a typo which remained unnoticed until recently.
It can be downloaded via GitHub.
Copyright © SC Magazine, Australia