Security Flaws Allow Wiretaps to be Evaded 191
An anonymous reader writes "The New York Times is reporting that a team of researchers led by Matt Blaze has discovered that technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely. It is also possible to falsify the numbers dialed. The flaws are detailed in a paper being published by the IEEE. Someone who thinks he's being wiretapped can apparently just send a low tone down the line that turns off the recorder. The link has a demo."
Re:In other news... (Score:3, Informative)
Seriously, if I were planning a crime or terrorist act, you bet your ass I would encode all communication in some way -- whether it be encrypted emails or just a word code system over the phone that changes each time. This is similar to the Cold War days, when spies would leave innocent-looking messages in public places. Essentially, a non-computerized version of steganography.
Where there is a will, there is a way. Where there is a stupid or lazy criminal, there is a prison sentence.
Re:RTFA and all that (Score:4, Informative)
In other words: Most of the time, in current conditions, this will work.
Re:I, for one, welcome security flaws (Score:4, Informative)
Listen, I hate the concept of a police state and wiretapping as much as the next guy, but this is a dumb defense. The SEC investigates transactions like that for a reason. "Gee, these two FBI agents who've never bothered to invest more than $10,000 in any single company, suddenly bought $400,000 worth of shares of this company at the perfect time and made $15,000,000. They might've been ridiculously lucky. Or more likely they might've had insider information. Let's look a little closer, shall we?"
The stock market is like the world's biggest casino, and the SEC is certainly no less watchful and no less hesitant to break your legs if you try to cheat them.
Re:In other news... (Score:4, Informative)
URLs for the REAL papers say lots more. (Score:5, Informative)
Basically, there's a fairly high proportion of the wiretapping gear that's actually deployed is vulnerable, in spite of what the police PR folks say, and it's much easier to hack the pen-register technology (though probably impossible to prevent the phone company from giving a direct billing database feed to the Feds, which you probably can't hack.)
Re:In other news... (Score:3, Informative)
For the sake of free communication, I hope this stays like that in the UK then.
On a sidenote, there were some interesting papers published at this years Cyber Safety conference [ox.ac.uk]. Especially interesting in our context: Prepaid Mobile Phones: the Anonymity Question [ox.ac.uk] by Gordon Gow.
Wiretapping is mostly done by Verisign (Score:4, Informative)
Since this works through SS7, and full call-control information is available, it's immune to any in-band tones.
See this old Slashdot article [slashdot.org] with more links.