Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security Government The Courts News

Security Flaws Allow Wiretaps to be Evaded 191

Posted by samzenpus from the it's-coming-from-inside-the-house dept.
An anonymous reader writes "The New York Times is reporting that a team of researchers led by Matt Blaze has discovered that technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely. It is also possible to falsify the numbers dialed. The flaws are detailed in a paper being published by the IEEE. Someone who thinks he's being wiretapped can apparently just send a low tone down the line that turns off the recorder. The link has a demo."
This discussion has been archived. No new comments can be posted.

Security Flaws Allow Wiretaps to be Evaded More

Security Flaws Allow Wiretaps to be Evaded

Comments Filter:

  • Is this like a default password... (Score:4, Interesting)

    by PurifyYourMind ( 776223 ) on Wednesday November 30, 2005 @09:18PM (#14152684) Homepage
    ...on a router/etc.? Like a programmer's backdoor that they forgot to shut off after they sold the units? I guess it's security through obscurity... relying on the subject not knowing they're even being tapped, and thus having no reason to try to stop the tap.

  • I, for one, welcome security flaws (Score:5, Interesting)

    by PlayfullyClever ( 934896 ) <playfull@playfullyclever.com> on Wednesday November 30, 2005 @09:25PM (#14152730) Homepage Journal
    Remember that we're all presumed innocent. To take an example of encryption, just because I'm using encryption does not mean that I am plotting nefarious schemes against my fellow citizens. I may be discussing confidential business things, for example. Y'know, dare I say it, I might actually work from home in an effort to not drive my car around and burn gas, hurt the environment, etc., etc.

    These sorts of mistakes can be dangerous. Imagine the above example--I'm some bigshot business-guy. I own a publicly traded company. The FBI inadvertently taps my phone and learns that someone at the company I work for has just invented something that will make the company a ton of money. Do you really think those agents aren't going to call up their stock-brokers and say, "BUY! BUY! BUY!" (Or, assume the other direction, if you prefer)

    Frankly, yes. I want to make it difficult for the government to wiretap it's citizens. I want somebody to look at the evidence that has been accumulated and act as my representative to say, "Hey, wait. Just because he encrypts his phone calls doesn't mean he's a terrorist." I want somebody to second-guess these guys.

    The story of the gutsy cop who goes against procedure to nab the bad guys before they enact their evil deeds is a great movie. But it's not real life--remember, in most cases we get the see the bad guys planning their acts in the movies so we know who the bad guy is. Reality is not that cut-and-dried.

    In short, I'm more worried about the government abusing it's power than of the terrorists blowing up a building. That happens alot more often.

  • I wonder if .... (Score:5, Interesting)

    by jesusfingchrist ( 853886 ) on Wednesday November 30, 2005 @09:29PM (#14152752) Homepage
    The OP has anything to do with this :

    http://www.newsmax.com/archives/articles/2001/12/1 8/224826.shtml [newsmax.com]

    U.S. Police and Intelligence Hit by Spy Network

            Charles R. Smith
            Wednesday, Dec. 19, 2001

    Spies Tap Police and Government Phones

    In the wake of the Sept. 11 terrorist attack, the FBI has stumbled on the largest espionage ring ever discovered inside the United States. The U.S. Justice Department is now holding nearly 100 Israeli citizens with direct ties to foreign military, criminal and intelligence services.

    The spy ring reportedly includes employees of two Israeli-owned companies that currently perform almost all the official wiretaps for U.S. local, state and federal law enforcement.

    The U.S. law enforcement wiretaps, authorized by the Communications Assistance for Law Enforcement Act (CALEA), appear to have been breached by organized crime units working inside Israel and the Israeli intelligence service, Mossad.

    Both Attorney General John Ashcroft and FBI Director Robert Mueller were warned on Oct. 18 in a hand-delivered letter from local, state and federal law enforcement officials. The warning stated, "Law enforcement's current electronic surveillance capabilities are less effective today than they were at the time CALEA was enacted."

  • But sometimes... (Score:5, Interesting)

    by Savage-Rabbit ( 308260 ) on Wednesday November 30, 2005 @09:34PM (#14152789)
    ... the powers-that-be add insult to injury. A few years ago German police woke up to the fact that a large portion of their wiretapping operation had gone sour. Apparently they used some sort of a digital voice-message like scheme to implement the surveillance and somebody, presumably a beancounter at one of the telecoms, decided to bill the customers in question for this 'service'.

  • Off-Hook detectors and DTMF variability (Score:4, Interesting)

    by billstewart ( 78916 ) on Wednesday November 30, 2005 @11:31PM (#14153441) Journal
    It's not a backdoor, it's a design feature that's being phreaked. Analog Wiretaps can't use the phone switch standard signalling method to detect whether a phone's on-hook or off-hook, because they're patched around the switch, so the equipment transmits a tone whenever the phone's on-hook to tell the recorder not to bother recording. And because it's running on phone-quality wire, it's an in-band tone, usually one of the extra four Touch-Tone tones, which means that the phone's user can send the tone themselves to tell the wiretapper's recorder that they're not there. The recorder _could_ have been built to do voice detection, but it's an old design and this is a cheaper and dumber way to implement it.

    But wiretappers don't just record voice, they record dialed numbers and caller-id. The other set of flaws, which you can read about in the longer PDF paper, depend on the fact that DTMF detectors are usually analog devices with a certain amount of sensitivity, and in general the phone switch and the wiretapper's equipment won't be the same. So you can find out how far off to bend your touchtones and have the phone switch still listen to you, and then you can send touchtones in-spec or out-of-spec to confuse the wiretapper's equipment, which can't tell whether the phone switch is or is not listening to the numbers you can dial. If it's more sensitive than the phone switch, you can send bogus digits that the wiretapper will record and the phone switch will ignore - but if it's less sensitive, and you're sending your digits just at the edge of the phone switch's range, the wiretapper won't see them.

    You can play similar games with CallerID, giving the wiretapper lots of entertaining stuff to listen to when you're not on the phone.

  • Re:In other news... (Score:5, Interesting)

    by X ( 1235 ) <x@xman.org> on Wednesday November 30, 2005 @11:43PM (#14153538) Homepage Journal
    Actually, you might want to talk to a certain mafioso who used PGP to protect his communications, only to find out that the FBI didn't even need a court order to tap his keyboard. :-(

  • Re:In other news... (Score:3, Interesting)

    by woolio ( 927141 ) * on Thursday December 01, 2005 @01:45AM (#14154334) Journal
    wanna bet the NSA is big into voice recognition?

    At a recent IEEE conference, I noticed a large number of researchers' topics concerned voice recongition and voice synthesis.

    Although I'm not sure for who they were working or from where the funding came. (Plus, it was an international conference).

Slashdot Top Deals

Math is like love -- a simple idea but it can get complicated. -- R. Drabek

Close