Signaling Vulnerabilities in Wiretapping Systems
November 30, 2005 12:59 PM

Signaling Vulnerabilities in Wiretapping Systems. The technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely [bugmenot]. It is also possible to falsify the numbers dialed [pdf].
posted by event (5 comments total)
Matt Blaze is an impressive fellow. Amongst other things, he also wrote a widely noted piece about master-keyed physical lock system vulnerabilities.
posted by bz at 1:12 PM on November 30, 2005

Haha, that's some very impressive work, although you would almost certainly want to use real encryption if you were doing anything serious -- the dialed number spoofing would come in handy even with encryption, however.
posted by delmoi at 1:33 PM on November 30, 2005

It's out! It's out! FINALLY!

Matt Blaze has pure unadulterated 500 karat diamond cojones.

Perhaps you do not believe me. Would you believe a slide that basically says:

"It is a serious felony to own this product."
"So I bought it on eBay."

Turns out that, because he had an NSF grant to do research into related subjects, he was exempt.

As to what he's got (the short version):

1) DTMF (touch tones) are analog. To be interacted with by digital systems, they must be digitized, with each tone collapsed into one number or another. Well, different systems have different tolerances as to what they will or won't interpret as (say) the number 3. Matt exploits the fact that the CO will have different tolerances than a pen register, by discovering the precise edge at which his own CO will or won't accept digits -- then sending numbers on both sides of that edge. Suppose now you have a pen register recording numbers: Either it's too liberal, meaning it takes too many numbers, or it's too conservative, meaning it misses everything. Either way, the tap loses.

2) In-band signalling -- "It worked for Ma Bell, why not the feds?" Basically, the phone network transmits the status of a phone being on or off hook using a particular DTMF signal called a C-Tone. What happens if the C-Tone is played in a normal call? The tap thinks you hung up. What if you dial someone else? The tap thinks you're on a new call. Oops.

3) What if you just don't want to be tapped? Play a C-Tone. Wouldn't that be loud? Well, turns out you can just make a really...quiet...C-Tone...

4) Did I mention either side of a phone call can do all these things?

5) What about the new, CALEA technology...isn't it supposed to save us from all these problems? Two words: Backwards compatibility. Yup, the problems of yesterday, today.

Favorite talk in a while. Fantastic.
posted by effugas at 3:46 PM on November 30, 2005
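The first point in effugas's summary is a parser differential: two DTMF decoders with different frequency and level tolerances will read the same audio differently, and a recorder that silently accepts or drops a marginal digit can never be reconciled with what the switch did. The added example below (not from the thread, the paper, or any real pen register product) builds a small DTMF decoder, runs the same synthetic bursts through a "liberal" and a "strict" tolerance profile, and shows the defensive fix a monitoring system wants: measure and report how far each tone sits from nominal so that marginal events are flagged for review instead of being decided quietly. The profile numbers are constructed; the 1.5% accept / 3.5% reject limits are the ones commonly quoted from ITU-T Q.24, and everything between them is implementation defined, which is exactly the gap being discussed.

```python
"""DTMF parser-differential demo (added example; not code from the thread or the paper).

Two decoders that disagree on frequency tolerance or minimum level decode the
same burst differently. A monitoring system should measure and log the
deviation so analysts can see when compliant decoders may legitimately disagree.
"""
import cmath
import math
from collections import namedtuple

FS = 8000                                   # telephony sample rate (Hz), assumed
LOW = (697.0, 770.0, 852.0, 941.0)          # DTMF row frequencies
HIGH = (1209.0, 1336.0, 1477.0, 1633.0)     # DTMF column frequencies
KEYPAD = ("123A", "456B", "789C", "*0#D")   # rows indexed by LOW, columns by HIGH

# Constructed decoder profiles. "liberal" accepts anything up to the Q.24
# must-reject limit; "strict" only accepts tones inside the must-accept limit
# and at a healthy level. Real products fall somewhere in between.
PROFILES = {
    "liberal": {"freq_tol": 0.035, "min_level": 0.02},
    "strict":  {"freq_tol": 0.015, "min_level": 0.10},
}

Tone = namedtuple("Tone", "nominal freq deviation level")


def synth(f_low, f_high, seconds=0.1, amplitude=1.0):
    """Construct a DTMF burst: two sinusoids, each at amplitude/2 (constructed input)."""
    n = int(FS * seconds)
    return [amplitude * 0.5 * (math.sin(2 * math.pi * f_low * t / FS)
                               + math.sin(2 * math.pi * f_high * t / FS))
            for t in range(n)]


def _magnitude(samples, freq):
    """Single-bin DFT at an arbitrary frequency, scaled to the tone's amplitude."""
    rot = cmath.exp(-2j * math.pi * freq / FS)
    acc, ph = 0j, 1 + 0j
    for x in samples:
        acc += x * ph
        ph *= rot
    return 2.0 * abs(acc) / len(samples)


def measure(samples, nominals, search=0.06, step=1.0):
    """Strongest tone in the band; report its deviation from the nearest nominal."""
    f = math.floor(min(nominals) * (1 - search))
    stop = max(nominals) * (1 + search)
    best_f, best_level = f, -1.0
    while f <= stop:                        # brute-force grid search of the band
        level = _magnitude(samples, f)
        if level > best_level:
            best_f, best_level = f, level
        f += step
    nominal = min(nominals, key=lambda n: abs(best_f - n))
    return Tone(nominal, best_f, abs(best_f - nominal) / nominal, best_level)


def analyze(samples):
    """Measure the low- and high-band tones once; decoders then judge the result."""
    return {"low": measure(samples, LOW), "high": measure(samples, HIGH)}


def classify(analysis, freq_tol, min_level):
    """Digit a decoder with these tolerances reports, plus the check that failed."""
    lo, hi = analysis["low"], analysis["high"]
    for tone in (lo, hi):
        if tone.level < min_level:
            return None, "level"
        if tone.deviation > freq_tol:
            return None, "frequency"
    return KEYPAD[LOW.index(lo.nominal)][HIGH.index(hi.nominal)], "ok"


def flags(analysis, accept_tol=0.015, reject_tol=0.035):
    """Defensive check: name tones inside the zone where decoders may legitimately differ."""
    return [f"{name} tone {t.freq:.0f} Hz is {t.deviation:.1%} off nominal {t.nominal:.0f} Hz"
            for name, t in analysis.items() if accept_tol < t.deviation < reject_tol]


def compare(samples):
    """What each profile decodes, and what a careful recorder should log about it."""
    a = analyze(samples)
    return {name: classify(a, **p)[0] for name, p in PROFILES.items()}, flags(a)


if __name__ == "__main__":
    for label, burst in (("clean '5'", synth(770, 1336)),
                         ("'5' with low tone 2.5% high", synth(770 * 1.025, 1336)),
                         ("quiet '5'", synth(770, 1336, amplitude=0.1))):
        print(label, compare(burst))
```

The clean burst decodes as "5" under both profiles; the off-nominal burst is "5" to the liberal decoder and nothing to the strict one, and `flags()` names the low tone; the quiet burst splits the decoders on level instead. A recorder that stores only the digit loses that distinction, which is why the measured deviation and level belong in the log alongside it.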

How are these protected in HDTV?
posted by Balisong at 9:15 PM on November 30, 2005

I gotta get me a C-tone generator. (Just in case)
posted by Megafly at 4:42 PM on December 1, 2005
