Thursday, December 1, 2005
Federal wiretaps can be defeated by playing a beep-tone into the phoneThe automated wiretapping system built into voice-switches under the US federal CALEA law can be trivially defeated by bad guys who simply play a beep-tone into their receivers, according to a research paper published in October and revised yesterday.
To defeat wiretapping systems, the target need only send the same "idle signal" that the tapping equipment sends to the recorder when the telephone is not in use. The target could continue to have a conversation while sending the forged signal.What this means is that when the cops want to wiretap a moderately skilled crook, he can defeat their efforts. But when an honest person is being caught up in the kind of indiscriminate wiretapping enabled under post-911 laws like PATRIOT and the Homeland Security Act, they can expect to have their conversations recorded. Likewise when a criminal hijacks the legally mandated CALEA wiretapping back-doors at the local phone-company. This is a wiretapping system that really only works on law-abiding citizens.The tone, also known as a C-tone, sounds like a low buzzing and is "slightly annoying but would not affect the voice quality" of the call, Mr. Blaze said, adding, "It turns the recorder right off."
The FBI claims that this only effects older equipment, but some experts report that modern equipment was designed for backwards compatibility with the vulnerable stuff, leaving it, too, vulnerable to this attack.
NYT article link, Research paper link
(via Schneier)
posted by Cory Doctorow at 12:08:58 AM
permalink | Other blogs commenting on this post
