Security Flaws Allow Wiretaps to be Evaded 191
An anonymous reader writes "The New York Times is reporting that a team of researchers led by Matt Blaze has discovered that technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely. It is also possible to falsify the numbers dialed. The flaws are detailed in a paper being published by the IEEE. Someone who thinks he's being wiretapped can apparently just send a low tone down the line that turns off the recorder. The link has a demo."
Is this is a big deal? (Score:2, Insightful)
In other news... (Score:5, Insightful)
I mean, any dolt can PGP [pgp.com] or GnuPG [gnupg.org] encrypt a message or just hand deliver messages. Things like wiretaps are good for the duller knives in the drawer. We should still use them to "grab the low hanging fruit" and look elsewhere to capture the rest.
If a person knows he's being wire tapped, he won't say anything incriminating anyway, and if the feds/cops don't get what they want over the phone, they'll just bug some offices instead.
Re:Is this is a big deal? (Score:5, Insightful)
Feature, not a bug... (Score:3, Insightful)
RTFA and all that (Score:5, Insightful)
A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today. (emphasis added)
So basically it is a minority of antiquated equipment that is vulnerable. Moreover, the person being wiretapped probably doesn't know what system is being used. It is not going to be possible to know, with any assurance, that you have actually defeated the system.
What this probably means is that the FBI will phase out these older systems a little faster than they intended to (mostly due to the publicity-- they were probably already aware of this vulnerability, but didn't care much because "the bad guys" were not aware of it).
In other news... (Score:5, Insightful)
Re:Is this is a big deal? (Score:3, Insightful)
Where's the big deal?
Don't use in-band signalling/control (Score:2, Insightful)
Double-edged sword (Score:4, Insightful)
I feel safer already....
Comment removed (Score:4, Insightful)
Re:Double-edged sword (Score:3, Insightful)
Moral of the story, dont waste your time with a person just because they want a little privacy.
Re:Is this is a big deal? (Score:5, Insightful)
Do you want the truth?
You can't handle the truth!
The truth is that in the current environment, you can't trust anything. Use your PC to scramble the call. If its that sensitive, anything else is foolish. Or use a one-time pad to encode it.
Think of it, if you were the "powers that be", isn't this how you'd do it?
Re:In other news... (Score:5, Insightful)
The only groups these wiretaps hurt are the law-abiding citizens. The smart (read: dangerous) criminals have it all figured out-- Prepaid cell phones.
Pre-paid cell phones are literally disposable, one-use toys to the bad guys. You don't even need a fake ID, just cash, and not all that much at that. How can they tap your phone when you use a different phone for each call? The best they could do is tap all the pre-paid phones and listen to every conversation out there -- good luck with that! (wanna bet the NSA is big into voice recognition?)
Re:In other news... (Score:3, Insightful)
Sending encrypted e-mails, for example, when nobody else in the world is doing so, is like putting a huge sign on your front lawn saying, "INTRIGUING SECRETS ARE GOING ON IN HERE!".
Remember that cryptography is only one link in the information security chain, and that everything has to get back to plaintext eventually. Once the feds are interested in your data, there is nothing stopping them from parking a truck across the street and harvesting your info using TEMPEST [wikipedia.org].
Re:In other news... (Score:3, Insightful)
Caller: Yo. It's me.
>CARRIER LOST
Furthermore, the FBI has insane bugging technologies. Forget wiretaps. If they really want to get you, they'll stick parabolic or laser mikes all around you. Or bug your car and office or simply follow you around and take pictures of all your friends who they then bug and wiretap. Or what they really do is catch an associate on a felony and extort^H^H^H^H^H^H convince them to turn state's witness.
So while cool, this exploit probably does not help "bad" guys too much.
Who ya gonna call? (Score:3, Insightful)
You don't need to tap the prepaids, you just need to tap the numbers that the prepaids are calling.
Re:But sometimes... (Score:2, Insightful)
Smart move if you can get away with it.
LI (lawful intercept) costs many millions every year. The general trend (amongst the larger police states at least) has been to "mitigate" this cost by simply legislating that the carriers must provide these services and must provide them at no cost to the requestor. This leaves the carriers eating a great whacking cost for the privilege being thrown between the government and the rest of the criminals. In most countries I expect this charge is part of the "system access fee" or hidden in the 911 charge. Perhaps Germany neglected to do this and was none-too-gently reminded that somebody has to pay the piper.
Re:I, for one, welcome security flaws (Score:2, Insightful)
You here demonstrate you have no idea what a publicly traded company actually is.