Does your PBX include a dial-a-wiretap ?

[Dave Emery]

	Many organizations use modern computer based PBX systems that use
microprocessors to control routing of calls from incoming CO trunks to
individual lines and subscribers.  Many use standard microprocessors with
PROM or even loadable RAM used to store the control program. I wonder what
prevents those with some sort of criminal interest in conversations
or data flowing through the pbx lines from hacking the code so as to
provide a dial-a-wiretap facility that would pass a listen only copy
of traffic flowing through the switch to a particular line or even to
a line outside of the PBX reached through one of it's trunks? 

	And how can a user be assured that the firmware in his PBX doesn't
include such a dial-a-wiretap put in by the PBX supplier for testing and
debugging the pbx hardware?   How can one be sure that there isn't some
magic code that allows one to listen in on ones neighbor - as is 
well known, early releases of UNIX had just such a boobytrap carefully
hidden in the root password checking.  Source code for pbx control firmware
isn't available anywhere so carefully checking it is not an option...

	In some office environments management has been caught listening
in to employee conversations by more conventional wiretaps, either
out of purient interest in employee sex lives, a desire to control
use of phones for personal purposes, or in some more sinister cases
out of paranoid fears that certain employees were plotting to
quit to set up their own business, or displace the paranoid manager or
something similar.  What prevents such management from obtaining the
black magic codes to dial a wiretap or even hiring someone to hack
their PBX ?   The evidence would be much harder to find than wires
leading to a tape recorder or bugs radiating rf energy ...
 
	And how common is PBX hacking anyway - criminal or not ?

          David I. Emery    Charles River Data Systems   617-626-1102
          983 Concord St., Framingham, MA 01701.
	  uucp: decvax!frog!die