PhoneSweep: The Corporate War Dialer

The saying, 'a chain is only as strong as its weakest link' applies to the unsecured modem attached to a corporate workstation. Companies can spend millions of dollars on proxies firewalls and various other hardware/software solutions aimed at protecting their network. However often times they over look the modems attached to computers on the network. The unsecured modem provides a weak and often overlooked avenue into some of the most secure networks. Reports have been made that through unsecured modems one was able to control a building's heating and lighting system. Other modems allowed access to the computers at a fire department's dispatch office (Shipley). High speed digital internet access continues to grow and become more common place in the United States. One would think that with the increase in the digital cable subscribers the threat of an unsecured modem would diminish. However this isn't the case. In this paper we will look at the risk that an unsecured modem creates. Additionally we will briefly discuss how the hacker can take advantage of these exposures. Finally we will look at the tool PhoneSweep and how it can help the Information Security Officer find and close these security holes.