Eavesdropping

Last updated April 13, 2024

Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information.

Etymology

The verb eavesdrop is a back-formation from the noun eavesdropper ("a person who eavesdrops"), which was formed from the related noun eavesdrop ("the dripping of water from the eaves of a house; the ground on which such water falls").^[1]

An eavesdropper was someone who would hang from the eave of a building so as to hear what is said within. The PBS documentaries Inside the Court of Henry VIII (April 8, 2015)^[2] and Secrets of Henry VIII’s Palace (June 30, 2013) include segments that display and discuss "eavedrops", carved wooden figures Henry VIII had built into the eaves (overhanging edges of the beams in the ceiling) of Hampton Court to discourage unwanted gossip or dissension from the King's wishes and rule, to foment paranoia and fear,^[2] and demonstrate that everything said there was being overheard; literally, that the walls had ears.^[3]

Techniques

Eavesdropping vectors include telephone lines, cellular networks, email, and other methods of private instant messaging. Devices that support VoIP and other communication software are also vulnerable to electronic eavesdropping by computer viruses categorized as trojan viruses or more broadly as spyware.^[4]

Network attacks

Network eavesdropping is a network layer attack that focuses on capturing small packets from the network transmitted by other computers and reading the data content in search of any type of information.^[5] This type of network attack is generally one of the most effective as a lack of encryption services are used.^[6] It is also linked to the collection of metadata.

Security

There is a growing importance of security in communication systems, specifically in wireless technology. The need for security measures at different levels, including software encryption, hardware protection (e.g., trusted platform modules), and even the physical layer using wave-front engineering is as crucial than ever.^[7]

Researchers have expressed the importance of addressing the privacy concerns from eavesdropping attacks because they impact the rights of users and the ability to have confidence in the devices as well as the entire Internet. Ensuring that users have trust and confidence in their Internet activities so users continue to engage actively in the system and share data.^[8]

Related Research Articles

In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.

Wiretapping, also known as wire tapping or telephone tapping, is the monitoring of telephone and Internet-based conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitoring connection was an actual electrical tap on an analog telephone or telegraph line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it.

Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be completed by governments, corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent government agencies. Computer and network surveillance programs are widespread today and almost all Internet traffic can be monitored.

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

A passive attack on a cryptosystem is one in which the cryptanalyst cannot interact with any of the parties involved, attempting to break the system solely based upon observed data. This can also include known plaintext attacks where both the plaintext and its corresponding ciphertext are known.

A cryptosystem is considered to have information-theoretic security if the system is secure against adversaries with unlimited computing resources and time. In contrast, a system which depends on the computational cost of cryptanalysis to be secure is called computationally, or conditionally, secure.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.

Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what is said. Other than spoken face-to-face communication with no possible eavesdropper, it is probable that no communication is guaranteed to be secure in this sense, although practical obstacles such as legislation, resources, technical issues, and the sheer volume of communication serve to limit surveillance.

An international mobile subscriber identity-catcher, or IMSI-catcher, is a telephone eavesdropping device used for intercepting mobile phone traffic and tracking location data of mobile phone users. Essentially a "fake" mobile tower acting between the target mobile phone and the service provider's real towers, it is considered a man-in-the-middle (MITM) attack. The 3G wireless standard offers some risk mitigation due to mutual authentication required from both the handset and the network. However, sophisticated attacks may be able to downgrade 3G and LTE to non-LTE network services which do not require mutual authentication.

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

Skype is a Voice over Internet Protocol (VoIP) system developed by Skype Technologies S.A. It is a peer-to-peer network where voice calls pass over the Internet rather than through a special-purpose network. Skype users can search for other users and send them messages.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

<span class="mw-page-title-main">Cellphone surveillance</span> Interception of mobile phone activity

Cellphone surveillance may involve tracking, bugging, monitoring, eavesdropping, and recording conversations and text messages on mobile phones. It also encompasses the monitoring of people's movements, which can be tracked using mobile phone signals when phones are turned on.

The following outline is provided as an overview of and topical guide to computer security:

Network eavesdropping, also known as eavesdropping attack, sniffing attack, or snooping attack, is a method that retrieves user information through the internet. This attack happens on electronic devices like computers and smartphones. This network attack typically happens under the usage of unsecured networks, such as public wifi connections or shared electronic devices. Eavesdropping attacks through the network is considered one of the most urgent threats in industries that rely on collecting and storing data. Internet users use eavesdropping via the Internet to improve information security.

Human rightsandencryption are often viewed as interlinked. Encryption can be a technology that helps implement basic human rights. In the digital age, the freedom of speech has become more controversial; however, from a human rights perspective, there is a growing awareness that encryption is essential for a free, open, and trustworthy Internet.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

References

↑ "eavesdrop – Definition of eavesdrop in English by Oxford Dictionaries". Oxford Dictionaries – English. Archived from the original on August 11, 2017. Retrieved September 10, 2023.
1 2 Inside the Court of Henry VIII. Public Broadcasting Service. April 8, 2016.
↑ Stollznow, Karen (August 7, 2014). "Eavesdropping: etymology, meaning, and some creepy little statues". KarenStollznow.com. Archived from the original on July 28, 2018. Retrieved June 23, 2016.
↑ Garner, p. 550^{[ full citation needed ]}
↑ "TeamMentor 3.5". vulnerabilities.teammentor.net. Archived from the original on September 27, 2019. Retrieved September 27, 2019.
↑ "What Are Eavesdropping Attacks?". Fortinet. Retrieved October 2, 2021.
↑ Ma, Jianjun; Shrestha, Rabi; Adelberg, Jacob; Yeh, Chia-Yi; Hossain, Zahed; Knightly, Edward; Jornet, Josep Miquel; Mittleman, Daniel M. (November 2018). "Security and eavesdropping in terahertz wireless links". Nature. 563 (7729): 89–93. Bibcode:2018Natur.563...89M. doi:10.1038/s41586-018-0609-x. ISSN 1476-4687. PMID 30323288. S2CID 53085137.
↑ Anajemba, Joseph Henry; Iwendi, Celestine; Razzak, Imran; Ansere, James Adu; Okpalaoguchi, Izuchukwu Michael (2022). "A Counter-Eavesdropping Technique for Optimized Privacy of Wireless Industrial IoT Communications". IEEE Transactions on Industrial Informatics. 18 (9): 6445–6454. doi:10.1109/TII.2021.3140109 . Retrieved February 9, 2024.

External links

The dictionary definition of eavesdropping at Wiktionary
Media related to Eavesdropping at Wikimedia Commons

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[:0-1] "eavesdrop – Definition of eavesdrop in English by Oxford Dictionaries". Oxford Dictionaries – English. Archived from the original on August 11, 2017. Retrieved September 10, 2023.

[auto-2] 1 2 Inside the Court of Henry VIII. Public Broadcasting Service. April 8, 2016.

[3] Stollznow, Karen (August 7, 2014). "Eavesdropping: etymology, meaning, and some creepy little statues". KarenStollznow.com. Archived from the original on July 28, 2018. Retrieved June 23, 2016.

[:1-4] Garner, p. 550^{[ full citation needed ]}

[5] "TeamMentor 3.5". vulnerabilities.teammentor.net. Archived from the original on September 27, 2019. Retrieved September 27, 2019.

[6] "What Are Eavesdropping Attacks?". Fortinet. Retrieved October 2, 2021.

[7] Ma, Jianjun; Shrestha, Rabi; Adelberg, Jacob; Yeh, Chia-Yi; Hossain, Zahed; Knightly, Edward; Jornet, Josep Miquel; Mittleman, Daniel M. (November 2018). "Security and eavesdropping in terahertz wireless links". Nature. 563 (7729): 89–93. Bibcode:2018Natur.563...89M. doi:10.1038/s41586-018-0609-x. ISSN 1476-4687. PMID 30323288. S2CID 53085137.

[8] Anajemba, Joseph Henry; Iwendi, Celestine; Razzak, Imran; Ansere, James Adu; Okpalaoguchi, Izuchukwu Michael (2022). "A Counter-Eavesdropping Technique for Optimized Privacy of Wireless Industrial IoT Communications". IEEE Transactions on Industrial Informatics. 18 (9): 6445–6454. doi:10.1109/TII.2021.3140109 . Retrieved February 9, 2024.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

v t e Information security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electromagnetic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Hacktivism Insecure direct object reference Keystroke loggers Logic bombs Time bombs Fork bombs Zip bombs Fraudulent dialers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Obfuscation (software) Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Security information and event management (SIEM) Mobile secure gateway Runtime application self-protection Site isolation

v t e Espionage
Agents Assets	Agent handling Cover Double agent Field agent Resident spy Sleeper agent Spymaster
Analysis	Intelligence assessment competing hypotheses
Devices and communications	Concealment device Covert listening device Cryptography Cutout Computer and network surveillance Cyber spying Dead drop Invisible ink Numbers station One-way voice link Phone surveillance Short-range agent communications Steganography microdot Surveillance tools
Tradecraft and techniques	Canary trap Front organization Limited hangout
Operations	Chinese intelligence activity abroad Chinese espionage in the United States Cold War espionage Recruitment Black operation black bag wetwork Eavesdropping SIGINT MASINT False flag Industrial espionage Interpersonal (HUMINT) intelligence interrogation safe house surveillance COINTELPRO MINARET SHAMROCK FVEY Sexpionage Stay-behind Targeted surveillance