Mobile Edition
Print
Get the Mag
Weekly UpdatesSandstorm Enterprises Inc., Cambridge, Mass., an information security tools company, has released an enhanced version of its PhoneSweep telephone scanner, incorporating "Single Call Detect" to dramatically speed scans. Additional features in PhoneSweep release 1.1 include an increase in the number of target systems recognized, to more than 200, and enhancements to the tool's brute force testing mode.
PhoneSweep is intended for use by security professionals to audit corporate telephone systems for vulnerabilities, such as undocumented modems tied to internal networks. PhoneSweep works like a computer criminal's "war dialer," and Sandstorm has found an enthusiastic market for PhoneSweep among security professionals who had been using such "hackerware" for lack of a commercially-developed and supported alternative. "A surprising number of corporations, and even Federal agencies, have been using hacker tools like ToneLoc to carry out their telephone scans," said Dr. Ross Stapleton-Gray, Sandstorm's vice president for Government Relations. "There's a certain irony -- and recklessness -- in relying upon unsupported, undocumented software to secure mission- or national security-critical networks."
Single Call Detect allows PhoneSweep to determine if a telephone is answered with a voice, a second dial tone, a fax machine, or a data modem with a single call. The determination is made in less than five seconds, speeding the scanning process. "Dialing numbers and waiting for the modems to synchronize or time out, while simple, is neither efficient nor particularly effective," said James Van Bokkelen, Sandstorm's president. "Single Call Detect allows PhoneSweep to skip rapidly from number to number, ending a call as soon as a voice, busy or second dial tone is detected, and completing the average scan in less than half the time." The speed and accuracy afforded by Single Call Detect also reduces any inconvenience to organizations being scanned, as PhoneSweep promptly releases connections upon encountering a live or recorded voice.
In developing PhoneSweep, Sandstorm worked with security expert Peter Shipley, who has scanned several million phone lines in the San Francisco Bay area. Shipley's research has shown unsecured "back doors" at hundreds of sites -- including government and commercial systems -- that allowed full control to any caller without first asking for a username and password. Sandstorm has used Shipley's results to train its recognition engine, and Shipley has used PhoneSweep's recognition system to categorize and tabulate the results of his project.
Originally released last October, PhoneSweep is in use by both security departments and independent auditors at hundreds of sites in North America and overseas. PhoneSweep customers include both large and small companies, Federal and state governments and the military.
PhoneSweep customers with current support contracts will all receive automatic upgrades to release 1.1. PhoneSweep Basic ($980) supports a single modem and up to 800 phone numbers per scanning profile. PhoneSweep Plus ($2800) supports four modems for simultaneous scanning, and 10,000 number profiles. PhoneSweep Plus8 ($5600) supports eight modems with 10,000 number profiles.
For more information, call (617)426-5056.
FEED