Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Flaws Allow Wiretaps to be Evaded

Posted by samzenpus on from the it's-coming-from-inside-the-house dept.

An anonymous reader writes "The New York Times is reporting that a team of researchers led by Matt Blaze has discovered that technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely. It is also possible to falsify the numbers dialed. The flaws are detailed in a paper being published by the IEEE. Someone who thinks he's being wiretapped can apparently just send a low tone down the line that turns off the recorder. The link has a demo."

10 of 191 comments (clear)

  1. In other news... by ThatGeek · · Score: 5, Insightful

    In other news, smart people can avoid being caught by doing stuff...

    I mean, any dolt can PGP or GnuPG encrypt a message or just hand deliver messages. Things like wiretaps are good for the duller knives in the drawer. We should still use them to "grab the low hanging fruit" and look elsewhere to capture the rest.

    If a person knows he's being wire tapped, he won't say anything incriminating anyway, and if the feds/cops don't get what they want over the phone, they'll just bug some offices instead.

    --
    What are you eating? isItVeg?.
    1. Re:In other news... by PlayfullyClever · · Score: 5, Insightful

      Or just use a pre paid cell phone.

      The only groups these wiretaps hurt are the law-abiding citizens. The smart (read: dangerous) criminals have it all figured out-- Prepaid cell phones.

      Pre-paid cell phones are literally disposable, one-use toys to the bad guys. You don't even need a fake ID, just cash, and not all that much at that. How can they tap your phone when you use a different phone for each call? The best they could do is tap all the pre-paid phones and listen to every conversation out there -- good luck with that! (wanna bet the NSA is big into voice recognition?)

      --
      Check out my website: Playfully Clever
  2. Re:Is this is a big deal? by ndansmith · · Score: 4, Insightful

    Likely the powers-that-be would know about your new line and tap it as well. It is better to let them think they are tapping you, when in reality you are circumventing the system.

  3. Feature, not a bug... by Anonymous Coward · · Score: 3, Insightful

    That way when the party officials want to do something underhanded, they use the red 'bat phone' that nukes any cops that are trying to listen in on them. In this way, they can have it both ways. Watch the proles without being watched themselves.

  4. RTFA and all that by kebes · · Score: 5, Insightful

    Let's keep this in perspective. The article says:

    A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today. (emphasis added)

    So basically it is a minority of antiquated equipment that is vulnerable. Moreover, the person being wiretapped probably doesn't know what system is being used. It is not going to be possible to know, with any assurance, that you have actually defeated the system.

    What this probably means is that the FBI will phase out these older systems a little faster than they intended to (mostly due to the publicity-- they were probably already aware of this vulnerability, but didn't care much because "the bad guys" were not aware of it).

  5. In other news... by Psionicist · · Score: 4, Insightful

    In other news: A team of researchers belived to be linked to an unknown group of terrorists was charged under the DMCA and PATRIOT act as a threat to national security. They are now being held for an unknown period if time, awaiting trial...

  6. Re:Is this is a big deal? by Anonymous Coward · · Score: 3, Insightful

    Surely if sending a low frequency tone becomes a "standard", law enforcement agencies will change their methods to so that wiretaps can't be blocked by a low tone? In fact, the aticle says that only 10% of 'dated' wiretap machines can be defeated in this manner anyway, so don't rush out to buy the next phone offering compl33t an0nym1ty from the fedz!

    Where's the big deal?

  7. Double-edged sword by jemenake · · Score: 3, Insightful
    Someone who thinks he's being wiretapped can apparently just send a low tone down the line that turns off the recorder
    Of course nobody would actually play that tone over the phone unless they were trying to foil wiretaps, right? How long do you think it'll be before the feds try to ammend the Patriot Act to allow them to listen just for that tone even on lines that they don't have a wiretap warrant for? Imagine picking up any phone in the U.S., playing the tone into it, and immediately getting your conversation recorded.... simply by virtue that you've already demonstrated your "guilty mind".

    I feel safer already....
  8. Limited Value by digitalchinky · · Score: 3, Insightful

    *Ahem* From the 'wire tapping' I know of it's all man in the middle, digitised, and stored on hard disk - with the cooperation of the telecoms or without. I haven't seen a 'tape recorder' in a good 10 years now. Still have them, just not needed any longer. I should imagine, given the hardware used in Australia, that US police would do a similar thing and if not - identical. The likelyhood these days of a machine that could be switched off remotely I would suggest is improbable at best.

    They did use "publicly available information" - what is made (or leaked to the) public is often years out of date, inaccurate, or simply not even true - rarely does it describe the technology in actual use, so don't go and loosen the straps on the tin foil just yet :-)

  9. Re:Is this is a big deal? by tomhudson · · Score: 5, Insightful

    Do you want the truth?

    You can't handle the truth!

    " Look, our disinformation campaign is working! People who have something to hide will send the recorder activation tone down the line before each call, thinking they're keeping us from listening in. Bwhaahahaha"

    The truth is that in the current environment, you can't trust anything. Use your PC to scramble the call. If its that sensitive, anything else is foolish. Or use a one-time pad to encode it.

    Think of it, if you were the "powers that be", isn't this how you'd do it?