"Do not hack the elevators here, please."
Will Caruanais on stage at the annual DEF CON hacking convention in Las Vegas, and with a quick disclaimer and mischievous grin, he's implored the crowd to behave. Behaving, of course, is not why anyone went to a talk on hacking elevator phones.
According to Caruana's talk, Phreaking Elevators, the emergency phones in elevators around the world are poorly, if at all, protected from potential abuse. Why does that matter? What trouble can you get up to with an elevator phone, anyway? Quite a lot, it turns out.
For starters, anyone who is so inclined can dial into the phones — all you need is the number (which in some cases you can find online) — thus giving an attacker the ability to listen in on any conversation happening within.
Imagine all the fun stuff you might hear being discussed in the elevators of a Fortune 500 company.
Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up! 
Caruana showing off an elevator phone he purchased online.Credit: jack morse / mashableBut that's not all. As Caruana explained, it's quite easy to remotely gain control of elevator phones.
"No one ever changes the password," he explained as he flashed a slide of elevator default passwords. "No one."
And once you have control of the phones? Well, if you happen to be malicious, Caruana says you can prevent the phones from operating — rendering them useless in a real emergency.
Or, if you're just after cash, you can force the phones to place calls to specific numbers. To drive the seriousness of this move home, Caruana laid out a not so hypothetical scenario with a real university that has 60 elevators.
"Each of those elevators has their own telephone line," read a slide. By forcing those phones to call a predetermined 900-number that you control, 24 hours a day, you stand to make millions.
One of the slides.Credit: jack morse / mashableBut the crowd of hackers who attended Caruana's talk definitely shouldn't try any of this at the hotels and casinos hosting DEF CON. As to where they should try it? Caruana didn't say, although he did include a photo of the Trump International Hotel in his presentation.
SEE ALSO:Turns out your office printer is a huge cybersecurity riskSo the next time you're in an elevator, remember to watch what you say. You never know who's listening — or using the humble emergency phone to get rich while you twiddle your thumbs and stare at the ceiling.
Featured Video For You
Friend of alleged Capital One hacker believes she ‘had no malicious intent’
顶: 3954踩: 78517
评论专区