mailing list archives
Phreaking the Wiretappers
From: David Farber <dave () farber net>
Date: Tue, 18 Apr 2006 12:44:12 -0400
Begin forwarded message:
From: Ross Stapleton-Gray <ross () stapleton-gray com>
Date: April 18, 2006 12:20:36 PM EDT
To: Dave <dave () farber net>
Subject: Phreaking the Wiretappers
Matt Blaze et al. on research on methods to compromise wiretaps. The
article in Govt Computer News (appended below): http://www.gcn.com/
The NSF grant abstract: http://www.nsf.gov/awardsearch/showAward.do?
Wiretaps vulnerable to phreaking
04/17/06 -- 04:04 PM
By William Jackson,
You can’t always believe what you hear
Researchers at the University of Pennsylvania have found that it is
not at all difficult for bad guys to outwit law enforcement wiretaps
on their phone lines.
A team of graduate students working with a National Science
Foundation grant set out to determine just how trustworthy the most
common types of telephone wiretaps used by police and intelligence
agencies are, said Professor Matt Blaze.
The results of these taps are accepted uncritically by courts, Blaze
said at the 2006 International Conference on Network Security being
held in Reston, Va.
“It turns out, it can fail in all sorts of unexpected ways,” he said.
“Either party can disrupt a wire tap or introduce misleading
information into the legal record.”
The techniques exploit vulnerabilities in the single signaling and
audio channel used in analog telephone systems.
Blaze said the project was an attempt to establish some baselines for
network security by assessing how easy it is to conduct reliable
eavesdropping on the century-old protocols used in analog voice phone
systems. End-to-end cryptography often is seen as the most certain
way to secure a communications channel. But almost nobody uses that
for voice conversations because of the complexity. And, as it turns
out, it is not necessary.
The most common technology for tapping a phone line is a loop
extender, which is a one-way bridge from the target subject’s local
loop to the phone line of the listening station. The great majority
of wiretaps are pen register taps, which record only the telephone
numbers dialed by the target and when the calls are made. Only about
10 percent of taps actually record the content of calls. Both types
use the same equipment.
But the caller can game the police equipment by using a notebook
computer to fine-tune the pulse tones generated to dial a number. By
tuning them properly, the correct numbers will be accepted by
switching equipment at the caller’s central telephone office, but
tones often will be misinterpreted on the police equipment, producing
Techniques similar to the old phreaking tricks used to steal long
distance service can be used to turn off a wiretap recorder remotely.
A signaling tone can be sent on the line that will fool police
equipment into thinking the phone is back on the hook, causing the
recorder to shut off. Blaze played a demonstration tape in which the
participants were able to continue a conversation after the police
equipment had “hung up.” The same technique can be used to block
police equipment from recording the number being dialed and to inject
a phony number later.
The 1996 Communications Assistance for Law Enforcement Act required
vendors to include a wiretap interface in telephone switching
equipment, which would theoretically thwart these tricks. But most
vendors made their switches backward compatible to work with legacy
loop extender equipment that police continue to use. This
reintroduced the same vulnerabilities when using a CALEA interface.
This is an object lesson for software developers, Blaze said.
“We have to [be] careful about how backward compatibility can mean
compatibility with old bugs,” he said.
Blaze said there is no concrete evidence that these techniques have
been used to thwart legitimate wiretaps. But he said court records
show that anomalies in recorded conversations often are accepted as
inevitable by police and the courts, leaving open the question of how
trustworthy those recordings are.
© 1996-2006 Post-Newsweek Media, Inc. All Rights Reserved.
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
Archives at: http://www.interesting-people.org/archives/interesting-people/
- Phreaking the Wiretappers David Farber (Apr 18)