Slashdot Mirror


Security Flaws Allow Wiretaps to be Evaded

An anonymous reader writes "The New York Times is reporting that a team of researchers led by Matt Blaze has discovered that technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely. It is also possible to falsify the numbers dialed. The flaws are detailed in a paper being published by the IEEE. Someone who thinks he's being wiretapped can apparently just send a low tone down the line that turns off the recorder. The link has a demo."

18 of 191 comments

  1. quickest way to Cuba by RY · · Score: 5, Funny

    Try it and find out...

  2. In other news... by ThatGeek · · Score: 5, Insightful

    In other news, smart people can avoid being caught by doing stuff...

    I mean, any dolt can PGP or GnuPG encrypt a message or just hand deliver messages. Things like wiretaps are good for the duller knives in the drawer. We should still use them to "grab the low hanging fruit" and look elsewhere to capture the rest.

    If a person knows he's being wire tapped, he won't say anything incriminating anyway, and if the feds/cops don't get what they want over the phone, they'll just bug some offices instead.

    --
    What are you eating? isItVeg?.
    1. Re:In other news... by ikkonoishi · · Score: 4, Funny

      Attn. Agent Snowman: The cows have jumped the moon. I repeat the cows have jumped the moon. It is too late to close the barn door.

    2. Re:In other news... by PlayfullyClever · · Score: 5, Insightful

      Or just use a pre paid cell phone.

      The only groups these wiretaps hurt are the law-abiding citizens. The smart (read: dangerous) criminals have it all figured out-- Prepaid cell phones.

      Pre-paid cell phones are literally disposable, one-use toys to the bad guys. You don't even need a fake ID, just cash, and not all that much at that. How can they tap your phone when you use a different phone for each call? The best they could do is tap all the pre-paid phones and listen to every conversation out there -- good luck with that! (wanna bet the NSA is big into voice recognition?)

      --
      Check out my website: Playfully Clever
    3. Re:In other news... by X · · Score: 4, Interesting

      Actually, you might want to talk to a certain mafioso who used PGP to protect his communications, only to find out that the FBI didn't even need a court order to tap his keyboard. :-(

      --
      sigs are a waste of space
  3. Re:Is this is a big deal? by ndansmith · · Score: 4, Insightful

    Likely the powers-that-be would know about your new line and tap it as well. It is better to let them think they are tapping you, when in reality you are circumventing the system.

  4. RTFA and all that by kebes · · Score: 5, Insightful

    Let's keep this in perspective. The article says:

    A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today. (emphasis added)

    So basically it is a minority of antiquated equipment that is vulnerable. Moreover, the person being wiretapped probably doesn't know what system is being used. It is not going to be possible to know, with any assurance, that you have actually defeated the system.

    What this probably means is that the FBI will phase out these older systems a little faster than they intended to (mostly due to the publicity-- they were probably already aware of this vulnerability, but didn't care much because "the bad guys" were not aware of it).

  5. Is this like a default password... by PurifyYourMind · · Score: 4, Interesting

    ...on a router/etc.? Like a programmer's backdoor that they forgot to shut off after they sold the units? I guess it's security through obscurity... relying on the subject not knowing they're even being tapped, and thus having no reason to try to stop the tap.

  6. In other news... by Psionicist · · Score: 4, Insightful

    In other news: A team of researchers believed to be linked to an unknown group of terrorists was charged under the DMCA and PATRIOT act as a threat to national security. They are now being held for an unknown period of time, awaiting trial...

  7. Let me get this straight... by dada21 · · Score: 5, Funny



    High frequency tones turn off teenagers.

    Low frequency tones turn off the NSA.

    Slashdotter vocal tones turn off women.

    Did I miss anything?

  8. Wanna get rid of a wiretap on your phone? by kcbrown · · Score: 5, Funny
    Seems to me there's a, um, more permanent solution:

    1. connect disposable phone to phone line
    2. call some unimportant number
    3. connect 50,000 volt source to the phone line
    4. ZAAAAAP!!!!
    5. Watch feds exit the van across the street. You know, the one with the smoke billowing out of it.

    Oh, yeah, guess I forgot a step: flee the country, because they'll be after your ass now!

    --
    Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
  9. I, for one, welcome security flaws by PlayfullyClever · · Score: 5, Interesting

    Remember that we're all presumed innocent. To take an example of encryption, just because I'm using encryption does not mean that I am plotting nefarious schemes against my fellow citizens. I may be discussing confidential business things, for example. Y'know, dare I say it, I might actually work from home in an effort to not drive my car around and burn gas, hurt the environment, etc., etc.

    These sorts of mistakes can be dangerous. Imagine the above example--I'm some bigshot business-guy. I own a publicly traded company. The FBI inadvertently taps my phone and learns that someone at the company I work for has just invented something that will make the company a ton of money. Do you really think those agents aren't going to call up their stock-brokers and say, "BUY! BUY! BUY!" (Or, assume the other direction, if you prefer)

    Frankly, yes. I want to make it difficult for the government to wiretap its citizens. I want somebody to look at the evidence that has been accumulated and act as my representative to say, "Hey, wait. Just because he encrypts his phone calls doesn't mean he's a terrorist." I want somebody to second-guess these guys.

    The story of the gutsy cop who goes against procedure to nab the bad guys before they enact their evil deeds is a great movie. But it's not real life--remember, in most cases we get to see the bad guys planning their acts in the movies so we know who the bad guy is. Reality is not that cut-and-dried.

    In short, I'm more worried about the government abusing its power than of the terrorists blowing up a building. That happens a lot more often.

    --
    Check out my website: Playfully Clever
  10. I wonder if .... by jesusfingchrist · · Score: 5, Interesting

    The OP has anything to do with this :

    http://www.newsmax.com/archives/articles/2001/12/18/224826.shtml

    U.S. Police and Intelligence Hit by Spy Network

            Charles R. Smith
            Wednesday, Dec. 19, 2001

    Spies Tap Police and Government Phones

    In the wake of the Sept. 11 terrorist attack, the FBI has stumbled on the largest espionage ring ever discovered inside the United States. The U.S. Justice Department is now holding nearly 100 Israeli citizens with direct ties to foreign military, criminal and intelligence services.

    The spy ring reportedly includes employees of two Israeli-owned companies that currently perform almost all the official wiretaps for U.S. local, state and federal law enforcement.

    The U.S. law enforcement wiretaps, authorized by the Communications Assistance for Law Enforcement Act (CALEA), appear to have been breached by organized crime units working inside Israel and the Israeli intelligence service, Mossad.

    Both Attorney General John Ashcroft and FBI Director Robert Mueller were warned on Oct. 18 in a hand-delivered letter from local, state and federal law enforcement officials. The warning stated, "Law enforcement's current electronic surveillance capabilities are less effective today than they were at the time CALEA was enacted."

    --
    "Freedom and Justice for All" is a registered trademark of The United States Govt Inc. Not available in all areas.
  11. It's a trap! by Jeremi · · Score: 4, Funny
    1. Make up fake story about how to disable phone tapping via special tone
    2. Get story published on Slashdot (etc)
    3. If the people you are wiretapping start sending the tone, you now know they suspect they are being monitored
    4. Better yet, having used the tone, they now think they can talk freely
    5. gather evidence!
    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  12. But sometimes... by Savage-Rabbit · · Score: 4, Interesting

    ... the powers-that-be add insult to injury. A few years ago German police woke up to the fact that a large portion of their wiretapping operation had gone sour. Apparently they used some sort of a digital voice-message like scheme to implement the surveillance and somebody, presumably a beancounter at one of the telecoms, decided to bill the customers in question for this 'service'.

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow
  13. Yeah, right... by garyok · · Score: 5, Funny

    Is this some sort of Darwinian IQ test for terrorists? You can just imagine the gleeful delight on their simple, child-like faces and the unrestrained joy they will experience with unfettered access to telecommunications this will allow.

    [low hum down a phone line]

    "Hello. Is that you Omar?"

    "Why, yes it is Osama. How are you today? And what's the weather like in your donkey burrow in Yemen? The weather's great here in Florida. My view from the Delano Hotel's room window is fabulous - I am also ordering martinis like James Bond."

    "Yes, yes... quit your bragging. Just because you weren't born with the most recognisable stripey beard in the world... Now can we please start planning our next atrocity?"

    "Ah yes. It is pleasing that we can freely discuss our locations and plans now that the engineers of the American military-industrial complex have told us how to easily counteract their most sophisticated surveillance. Their foolishness in revealing this technique to the entire world, via the internet, has allowed us to dispense with our counter-surveillance training, techniques, and equipment. It is truly a golden age for violent reactionaries wishing to impose a totalitarian pseudotheocracy on the idol-worshipping, hemp-smoking, fornicating, soulless infidels!"

    "Wait! Who THE FUCK did you say told you this would work?!"

    "Yes, the Americans. They said we'd be safe if we did this. How typically naive of them. Their destruction is assured!"

    --
    One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
  14. Re:Is this is a big deal? by tomhudson · · Score: 5, Insightful

    Do you want the truth?

    You can't handle the truth!

    "Look, our disinformation campaign is working! People who have something to hide will send the recorder activation tone down the line before each call, thinking they're keeping us from listening in. Bwhaahahaha"

    The truth is that in the current environment, you can't trust anything. Use your PC to scramble the call. If it's that sensitive, anything else is foolish. Or use a one-time pad to encode it.

    Think of it, if you were the "powers that be", isn't this how you'd do it?

  15. URLs for the REAL papers say lots more. by billstewart · · Score: 4, Informative
    The shorter HTML version mainly talks about attacks on the voice eavesdropping parts, while the Longer PDF paper for IEEE has even more technical detail and talks about attacks on dialed-number-recording Pen Registers and CallerID, which the Feds and Local Police are able to wiretap without the same level of court order that a voice wiretap requires. (I've done the NYUD-automatic-caching versions of the URLs, rather than the raw URL, to protect against Slashdotting.)

    Basically, a fairly high proportion of the wiretapping gear that's actually deployed is vulnerable, in spite of what the police PR folks say, and it's much easier to hack the pen-register technology (though probably impossible to prevent the phone company from giving a direct billing database feed to the Feds, which you probably can't hack.)

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks