Search phone calls for keywords with Metasploit

Powered by SC Magazine
 

Find passwords, company secrets in tapped conversations.

A largely unknown function within the Metasploit framework has been upgraded that allows phone calls to be recorded and then trawled for sensitive information.

The powerful microphone recording function has existed for about two years and is helpful to penetration tests yet is rarely used.

Rapid7 MetaSploit developer Wei Chen, known as Sinn3r, says the feature was upgraded two weeks ago from a basic meterpreter command to a cross-platform post module which can record multiple phone calls.

"Say you've successfully recorded a bunch of people's meetings through their compromised laptops in WAV (format)," Wei says in a post. "Maybe there's some goodies in these files -- passwords, company secrets, operations, future plannings."

 

 

A speech recognition service can then be used to automatically locate the valuable data by keyword search.

"The quality of your results depends on several things: How clearly the sound was captured, how many keywords you're searching, etc."

The function was accidentally killed off a year ago thanks to a typo which remained unntoiced until recently.

It can be downloaded via Github.

Copyright © SC Magazine, Australia


Search phone calls for keywords with Metasploit
 
 
 
Top Stories
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
 
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
 
Toll Group to go Google
Poaches Woolworths project manager.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  35%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3984

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 1359

Vote