Security Flaws Allow Wiretaps to be Evaded

← Back to Stories (view on slashdot.org)

Security Flaws Allow Wiretaps to be Evaded

Posted by samzenpus on Wednesday November 30, 2005 @01:09PM from the it's-coming-from-inside-the-house dept.

An anonymous reader writes "The New York Times is reporting that a team of researchers led by Matt Blaze has discovered that technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely. It is also possible to falsify the numbers dialed. The flaws are detailed in a paper being published by the IEEE. Someone who thinks he's being wiretapped can apparently just send a low tone down the line that turns off the recorder. The link has a demo."

4 of 191 comments (clear)

Min score:

Reason:

Sort:

In other news... by ThatGeek · 2005-11-30 13:16 · Score: 5, Insightful

In other news, smart people can avoid being caught by doing stuff...

I mean, any dolt can PGP or GnuPG encrypt a message or just hand deliver messages. Things like wiretaps are good for the duller knives in the drawer. We should still use them to "grab the low hanging fruit" and look elsewhere to capture the rest.

If a person knows he's being wire tapped, he won't say anything incriminating anyway, and if the feds/cops don't get what they want over the phone, they'll just bug some offices instead.

--
What are you eating? isItVeg?.
1. Re:In other news... by PlayfullyClever · 2005-11-30 13:59 · Score: 5, Insightful
  
  Or just use a pre paid cell phone.
  
  The only groups these wiretaps hurt are the law-abiding citizens. The smart (read: dangerous) criminals have it all figured out-- Prepaid cell phones.
  
  Pre-paid cell phones are literally disposable, one-use toys to the bad guys. You don't even need a fake ID, just cash, and not all that much at that. How can they tap your phone when you use a different phone for each call? The best they could do is tap all the pre-paid phones and listen to every conversation out there -- good luck with that! (wanna bet the NSA is big into voice recognition?)
  
  --
  Check out my website: Playfully Clever
RTFA and all that by kebes · 2005-11-30 13:18 · Score: 5, Insightful

Let's keep this in perspective. The article says:

A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today. (emphasis added)

So basically it is a minority of antiquated equipment that is vulnerable. Moreover, the person being wiretapped probably doesn't know what system is being used. It is not going to be possible to know, with any assurance, that you have actually defeated the system.

What this probably means is that the FBI will phase out these older systems a little faster than they intended to (mostly due to the publicity-- they were probably already aware of this vulnerability, but didn't care much because "the bad guys" were not aware of it).
Re:Is this is a big deal? by tomhudson · 2005-11-30 13:53 · Score: 5, Insightful

Do you want the truth?
You can't handle the truth!
" Look, our disinformation campaign is working! People who have something to hide will send the recorder activation tone down the line before each call, thinking they're keeping us from listening in. Bwhaahahaha"

The truth is that in the current environment, you can't trust anything. Use your PC to scramble the call. If its that sensitive, anything else is foolish. Or use a one-time pad to encode it.
Think of it, if you were the "powers that be", isn't this how you'd do it?