By Robert Jaques
14 Feb 2007
Security experts today warned that the impending total ban on smoking in
UK workplaces could be used by social engineering hackers to steal
sensitive corporate data.
In a recent exercise undertaken by security consultancy NTA Monitor, a
tester was able to gain access to a corporate building through a back
door that was left open for smokers.
Once inside, the tester requested to be taken to a meeting room,
claiming that the IT department had sent him. Even without a pass, he
gained access unchallenged and was able to connect his laptop to the
VoIP network via a telephone point.
Roy Hills, technical director at NTA Monitor, said: "It used to be that
companies 'left the back door open' in terms of internet security. Now
they are literally leaving their buildings open to accommodate smokers.
"We are experiencing a surge in demand for social engineering tests as
hackers are turning to social techniques to infiltrate corporate
He added that the exercise proves that once inside a corporate building,
an attacker can use social methods on employees to gain access to
restricted areas and information.
Subscribe to the InfoSec News RSS Feed