G 0.15 Eavesdropping

Eavesdropping refers to targeted attacks on communication connections, conversations, sound sources of any kind or IT systems for information collection purposes. This ranges from undetected, secret listening in on conversations to highly sophisticated complex attacks to intercept signals transmitted via radio or cables, for example using antennas or sensors.

Not only because of the low risk of detection, eavesdropping on lines or radio connections is a significant threat to information security. In principle, there are no tap-proof cables. Only the effort required for eavesdropping differs between cables. Whether a line is actually being tapped can only be determined with considerable metrological effort.

Particularly critical is the unprotected transmission of authentication data in plaintext protocols such as HTTP, FTP or Telnet, as these are easy to analyze automatically due to their clear structure.

The decision to eavesdrop on information somewhere is essentially determined by the question of whether the information is worth the technical or financial effort and the risk of discovery. The answer to this question very much depends on the individual capabilities and interests of the attacker.

Examples:

• For attackers, not only the eavesdropping of calls can be interesting in telephone conversations. The information transmitted during signaling can also be misused by third parties, for example if an incorrect setting in the terminal device results in the password being transmitted in plaintext during login.
• With unprotected or insufficiently protected radio transmission (e.g. if a WLAN is only secured with WEP), the entire communication can easily be eavesdropped on.
• Emails can be read throughout their entire journey through the network if they are not encrypted. Unencrypted emails should therefore be compared not with letters but with postcards.