Point Branch eXchanges or similar switching centers are
attacked in order to exploit weaknesses in their design allowing connected
telephone instruments to be tapped. Examples include on-hook bugging of
hand-held instruments, open microphone listening, and exploitation of silent
conference calling features.
Complexity: In cases where functions that
support bugging are provided by the PBX, this attack is straight forward. In
cases where no such function is provided, it is essentially impossible.
Determining which is the case is non-trivial in general, but in practice it
is usually straightforward.