An eavesdropping attack, which is also known as a sniffing or snooping attack, is an incursion where someone tries to steal information that computers, smartphones, or other devices transmit over a network. An eavesdropping attack takes advantage of unsecured network communications in order to access the data being sent and received. Eavesdropping attacks are difficult to detect because they do not cause network transmissions to appear to be operating abnormally.
Eavesdropping attacks involve a weakened connection between client and server that allows the attacker to send network traffic to itself. Attackers can install network monitoring software (a sniffer) on a computer or a server to carry out an eavesdropping attack and intercept data during transmission. Any device in the network between the transmitting device and the receiving device is a point of weakness, as are the initial and terminal devices themselves. Knowing what devices are connected to a network and what software is installed on those devices is one way to protect against eavesdropping attacks. Using personal firewalls, updated antivirus software, and virtual private networks (VPN) – and avoiding public networks, especially for sensitive transactions – can help prevent eavesdropping attacks as well.
Public Wi-Fi networks are an easy target for eavesdropping attacks. Anyone with the easily available password can join the network and use free software to monitor network activity and steal login credentials and valuable data that users transmit over the network. This is one way people get their Facebook and email accounts hacked.
Eavesdropping is easier to perform with IP-based calls than TDM-based calls. Any protocol analyzer can pick and record the calls without being observed by the callers. There are software packages for PCs that will convert digitized voice from standard CODECs into WAV files.
The speakerphone function can be turned on remotely, with the caller on mute so that there is no sound coming from the phone. This has happened with some IP phones in executives’ offices. Their offices can be listened to without their knowledge.
PCs and laptops that have microphones attached or integrated into them can be enabled as listening devices without the user’s knowledge. There is a rootkit available for this purpose.
Users can sometimes limit their exposure to such attacks by making sure their phones are running the most recent operating system version. However, sometimes users do not have access to the latest software version because the phone vendor does not make it available immediately
In May 2011, most Android smart phones were vulnerable to an eavesdropping attack involving authentication tokens sent over unencrypted Wi-Fi networks. Eavesdroppers using a sniffing program called Wireshark could view, steal, modify, and delete private calendar data, contact data, and Picasa Web Album data this way. The attacker could change a victim’s contact data to trick the victim’s contacts into sending sensitive data to the attacker.
HTTP should not be used to transmit sensitive information such as passwords or credit card numbers because it is not encrypted and is therefore vulnerable to attack; HTTPS or SSH (secure shell) encryption should be used instead to offer a measure of protection against eavesdropping attacks. However, attackers may still be able to decrypt encrypted communications to gain access to confidential information. In April 2015, at least 25,000 iOS apps were vulnerable to eavesdropping attacks because of a bug in an open-source code library called AF Networking that could take down HTTPS encryption. The attacker only needed a valid certificate to eavesdrop on or modify an encrypted SSL (secure socket layer) session involving one of the affected apps.