Encryption Security Communications

Italian Phone Taps Spur Encryption Use 176

manekineko2 writes "This article in the NYTimes discusses how a recent rash of high-profile mobile phone taps in Italy is spurring a rush toward software-encrypted phone conversations. Private conversations have been tapped and subsequently leaked to the media and have resulted in disclosures of sensitive takeover discussions, revelations regarding game-fixing in soccer, and the arrest of a prince on charges of providing prostitutes and illegal slot machines. An Italian investigative reporter stated that no one would ever discuss sensitive information on the phone now. As a result, encryption software for mobile phones has moved from the government and military worlds into the mainstream. Are GSM phones in the US ripe for a similar explosion in the use of freely available wiretapping technology, and could this finally be the impetus for widespread use of software-encrypted communications?"

  • Nice thing (Score:5, Interesting)

    by crunzh ( 1082841 ) on Tuesday May 01, 2007 @07:51AM (#18938835) Homepage
    It would be really nice if that came standard in cellphones (Probably just an empty dream). But maybe a plugin for Windows Mobile and Symbian handsets could be possible.
  • Re:Nice thing (Score:2, Interesting)

    by cl191 ( 831857 ) on Tuesday May 01, 2007 @07:55AM (#18938865)
    I don't really know much about voice encryptions, but do the regular "dumb" phones even have enough power to do voice encryption?
  • Companies first (Score:3, Interesting)

    by sckeener ( 137243 ) on Tuesday May 01, 2007 @07:56AM (#18938867)
    I doubt it'll break into the public domain any time soon.

    Here at Chevron we encrypt our Blackberries, both on the unit and during transmission. If the Blackberry is lost, the data is safe because of the encryption.

    I don't see it happening for the public unless the carrier provides the service and then wouldn't the government just request the carrier to give them access?
  • Key Exchange? (Score:1, Interesting)

    by bernywork ( 57298 ) * <bstapleton&gmail,com> on Tuesday May 01, 2007 @07:57AM (#18938875) Journal
    How would you go about key exchange?

    Really, you need to ensure that your public keys don't get intercepted as if you sent them via SMS or otherwise. Considering the fact that you aren't trusting the network any longer, it means that you couldn't pass keys across it either.

    So if you wanted a secure key exchange, you would probably have to meet someone or another trusted person and do a key exchange that way. IR would probably work.

    I guess email could work too.
  • Re:Key Exchange? (Score:5, Interesting)

    by jez9999 ( 618189 ) on Tuesday May 01, 2007 @08:00AM (#18938895) Homepage Journal
    Why would it be a problem? Only private keys can be used to decrypt data. Unless you were concerned about the man-in-the-middle just rewriting the data to say something else, but it's hard to imagine how they'd do that to a live voice conversation.
  • Re:Nice thing (Score:2, Interesting)

    by crunzh ( 1082841 ) on Tuesday May 01, 2007 @08:05AM (#18938927) Homepage
    The dumbest phones probably don't, but for example the recent Nokia smartphones are pretty widespread where I come from and they should have the power to do it. Heck, they can do videocalling so why not encryption of regular calls?
  • Worried now? (Score:4, Interesting)

    by Baavgai ( 598847 ) on Tuesday May 01, 2007 @08:17AM (#18939015) Homepage

    An Italian investigative reporter stated that no one would ever discuss sensitive information on the phone now.

    Why on Earth would you ever discuss sensitive information on the phone before? There's always been phone tapping tech. It's only the laws for that technology's usage that protected anyone from it. You never say anything on the phone that you wouldn't say to a cop. If you don't know that rule, you're a pretty inept criminal.

  • Cordless phones too (Score:1, Interesting)

    by Anonymous Coward on Tuesday May 01, 2007 @08:21AM (#18939043)
    No matter how hard I look, I can't find a cordless phone with encryption. Ten years ago this wasn't so difficult to do. It seems after Congress passed a law banning eavesdropping on phones the industry just gave up on encryption. Hopefully this will reignite the use of cryptography in cordless phones.
  • For a very long time (Score:4, Interesting)

    by kilodelta ( 843627 ) on Tuesday May 01, 2007 @08:28AM (#18939083) Homepage
    Law enforcement has had the ability to tap in and monitor cellular communications.

    In the days of AMPS and NAMPS it was a piece of cake. Friend of mine worked in IT for the local PD and was able to get a scanner that wasn't 800-900 blocked, and a little card and software for the computer that allowed us to follow calls as they went from cell to cell.

    CDMA and GSM just throw a little wrinkle in.
  • Re:Key Exchange? (Score:3, Interesting)

    by jimstapleton ( 999106 ) on Tuesday May 01, 2007 @08:32AM (#18939111) Journal
    In certain situations, a phone might have a bit of 'echo' (the receiver picks up a bit from the speaker). How much of a help could this echo be, in conjunction with a public key, to help identify the private key?
  • Re:Key Exchange? (Score:3, Interesting)

    by morgan_greywolf ( 835522 ) * on Tuesday May 01, 2007 @08:43AM (#18939195) Homepage Journal
    Easy. Do what SSH does. Cache the public keys with the address (phone #, in this case). You accept the public key the first time it's used, and if a different public key is presented for a particular caller or recipient, you get warned that something funny is going on. The only difference being while SSH will outright refuse to connect to a key that's changed from the cached key, you would probably make the phone simply inform the user that the caller gave a different public key this time. It's up to the user to verify if this call is not subject to a MITM attack.
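
The key-caching scheme morgan_greywolf describes above, sketched as an added example (not part of the original thread and not any phone product's code). `KeyCache`, `normalize`, `fingerprint`, the phone number and the key bytes are all hypothetical or constructed for illustration; a changed key produces a warning state and is never re-pinned automatically.

```python
import hashlib
import hmac


def normalize(number: str) -> str:
    """Reduce a dialled number to '+' and digits so formatting can't dodge the pin."""
    return "".join(c for c in number if c.isdigit() or c == "+")


def fingerprint(public_key: bytes) -> str:
    """Short SHA-256 fingerprint the two parties can compare out of band."""
    digest = hashlib.sha256(public_key).hexdigest()[:16]
    return ":".join(digest[i:i + 4] for i in range(0, 16, 4))


class KeyCache:
    """Hypothetical trust-on-first-use cache: phone number -> pinned public key."""

    def __init__(self):
        self._pins = {}

    def check(self, number: str, presented: bytes) -> str:
        """Return 'new', 'match' or 'changed'; never re-pins on its own."""
        number = normalize(number)
        pinned = self._pins.get(number)
        if pinned is None:
            # First contact is unauthenticated: an interceptor present on this
            # call gets pinned, so the fingerprint should still be verified.
            self._pins[number] = presented
            return "new"
        if hmac.compare_digest(pinned, presented):
            return "match"
        return "changed"  # warn the user, keep the old pin

    def accept_change(self, number: str, presented: bytes) -> None:
        """Re-pin only after the user has verified the new fingerprint."""
        self._pins[normalize(number)] = presented


if __name__ == "__main__":
    cache = KeyCache()
    old_key, new_key = b"constructed-key-1", b"constructed-key-2"  # sample bytes
    for num, key in [("+39 02 555 0100", old_key), ("+39-02-555-0100", old_key),
                     ("+39025550100", new_key)]:
        print(num, cache.check(num, key), fingerprint(key))
```
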
  • Re:Italy & US (Score:3, Interesting)

    by gambit3 ( 463693 ) on Tuesday May 01, 2007 @08:53AM (#18939285) Homepage Journal
    Actually, the GSM standard DOES mandate the ability to tap cell phone conversations at the network provider level. I should know. I worked for 6 years for a GSM network equipment maker, and I was actually part of the team that tested the functionality of this "feature". It is called CALEA, and it will record not only every detail of the call, but even every button pressed during the call. And it was completely transparent to both ends of the call. That was one crucial aspect of this "feature" that was tested for.
  • Re:Italy & US (Score:4, Interesting)

    by mpe ( 36238 ) on Tuesday May 01, 2007 @09:01AM (#18939353)
    I believe the GSM standards actually mandate encryption. However, such encryption isn't going to do very much to protect you from wiretaps if the wiretapper has the permission from the carrier

    The encryption is only between the handset and basestation. If people have the ability to make "legal" taps it wouldn't even help with a call between two phones connected to the same basestation.
    You'd need end to end encryption which would also require you to establish a "data" call, which could well be charged differently from a "voice" call.
  • by Anonymous Coward on Tuesday May 01, 2007 @09:11AM (#18939469)
    I notice that no one has commented on the problem with RF noise of the signal created at the microphone. It bleeds into the circuitry behind the encryption device and is amplified together with the encrypted signal. Provided you're within range (and phone companies will obviously be), you can sample the convolved signal, extract the unencrypted signal (an amplitude modulation?) from the encrypted signal (white noise).

    The only way to get around this is to specifically design the phone so that no signal bleeds from the microphone to the antenna. The government uses such phones, but I haven't seen any of them available for consumers and companies yet (and their production cost is prohibitively high for consumers anyway).
  • by mobileTen ( 750885 ) on Tuesday May 01, 2007 @09:28AM (#18939665)
    An attack is very simple. You need to implement a Man in the Middle Attack. All you need to do is have your own base station. Low power base stations are becoming cheaper, even to the extent that they are being put into aircraft. There is no authentication under GSM of the base station. The base station can switch encryption on and off between the base station and the phone. The phone will not warn you that encryption has switched off! Therefore to eavesdrop on a phone, when you cannot get a tap at an exchange you need to buy yourself a small portable base station (Getting cheaper all the time), follow your victim, and listen.
  • Re:Italy & US (Score:3, Interesting)

    by anothy ( 83176 ) on Tuesday May 01, 2007 @01:02PM (#18943001) Homepage
    CALEA is a US-only term; the more generic industry term is Lawful Intercept; while CALEA is reasonably representative and your comments hold true for every Lawful Intercept regulation i know anything about, the specifics vary by jurisdiction. this is a current issue for folks looking at deploying WiMAX services/networks, my current area of focus. it's a major hassle, and once you offer a plain data pipe as a service option, it's futile, since genuine "bad guys" can simply employ end-to-end encryption and bust the whole theory.
  • by h4ck7h3p14n37 ( 926070 ) on Tuesday May 01, 2007 @07:43PM (#18949297) Homepage

    I work for a telecom provider (mostly hosting of SIP apps) and we are not required under CALEA to provide access to law enforcement. Rather, the telco carriers that _we_ use, like AT&T, Qwest, etc. are required to provide access. What that means is that we could offer customers a VPN connection to our network, give them a soft-phone and ensure that their SIP traffic remains encrypted. You'd probably have to do SIP to SIP since I don't know how you'd encrypt the PSTN leg of the call.

    Cell phones would be tricky to encrypt since you'd have to run specialized software on the phone. For fixed stations it would be trivial. Set up SIP gateways on both ends, connect the gateways using a VPN and use either a hardware or software based SIP phone. The two parties would then need to physically exchange the encryption keys needed for the VPN. In this sort of arrangement CALEA would not apply and law enforcement would not be able to demand access to the network traffic.

    I currently have access to all the necessary software and hardware, but simply haven't had the time to set up an experimental system like the one I described. This sort of system has been technically feasible for over a decade. Perhaps I should start selling all-in-one packages?
