HOWTO kill wiretaps when making a phone call

CALEA is the terrible US federal law that requires that all switches that carry voice-traffic be built with an easy-to-access remote wiretapping capability so that cops (or bad guys who know cop secrets) can listen in on your voice conversations without cooperation from the phone company. A team of University of Pennsylvania researchers (already notorious for finding flaws in the previous version of the CALEA standard that let callers lock out wiretaps) have found a solid theoretical attack against the newer, shinier CALEA standard.

"We asked ourselves the question of whether this standard is sufficient to have reliable wiretapping," said Micah Sherr, a post-doctoral researcher at the university and one of the paper's co-authors. Eventually they were able to develop some proof-of-concept attacks that would disrupt devices. According to Sherr, the standard "really didn't consider the case of a wiretap subject who is trying to thwart or confuse the wiretap itself."
It turns out that the standard sets aside very little bandwidth -- 64K bits per second -- for keeping track of information about phone calls being made on the tapped line. When a wire tap is on, the switch is supposed to set up a 64Kbps Call Data Channel to send this information between the telco and the law enforcement agency doing the wiretap. Normally this channel has more than enough bandwidth for the whole system to work, but if someone tries to flood it with information by making dozens of SMS messages or VoIP (voice over Internet protocol) phone calls simultaneously, the channel could be overwhelmed and simply drop network traffic.
That means that law enforcement could lose records of who was called and when, and possibly miss entire call recordings as well, Sherr said.

How to Deny Service to a Federal Wiretap (Thanks, Adam!)

Previously:

Leave a comment

Anonymous

Email Address

Remember personal info?

Speech is free, but Boing Boing is moderated. Comments may be deleted or disemvoweled. Anonymous comments are not automatically published. Please don't make racist, sexist or homophobic remarks or use associated offensive terms. Please don't talk politics in unrelated threads. Please don't cuss or harass other commenters. Please don't post signatures, spam, astroturf or copypasta. Link to your website only on your profile page. Wheedling accomplishes nothing. Stay on topic. Read the full moderation policy. Thank you!

Mandelbulb: 3D Mandelbrot

The Mandelbulb is an attempt to extrude the classic Mandelbrot Set fractal into three dimensions. I'm not enough of a mathematician to say whether it accomplishes this feat, but it is utterly arresting. Mandelbulb: The Unravelling of the Real 3D Mandelbrot Fractal: (via /.) Previously:Benoit Ma... More.

Slo-mo demolition of iconic Philadelphia Drexel smokestack

Nicole sez, "Philebrity posted a haunting video of the recent demolition of the Drexel Shaft in Philadelphia. The tripped out music and slowly tumbling smoke stack aptly visualize a crumbling American economy." He's One Bad Mutha- Shut Your Mouth! But I'm Talking About DREXEL SHAFT! (Thanks, Nic... More.

Is There Really A Water Crisis?

"When I say there is no water crisis, you must be wondering, 'Is this guy talking to his hat?'" That's how Asit Biswas led off his speech last month at the 2009 Nobel Conference. And--oddly worded idiom aside--he was right. That's exactly what everyone was thinking. The Conference--really a lectu... More.

Clémentine Henrion's Eternal Balloons made from fabric

Parisian artist Clémentine Henrion created these Helium Eternal Balloons. They're made from fabric. I think the effect is rather lovely. From Henrion's etsy shop: This “illusion” of an helium balloon is entirely made of precious or fancy fabric. There is no helium in this Helium Eternal balloon :... More.

7 Comments

| Leave a comment

KanedaJones | #1 | 03:13 on Thu, Nov.12 | Reply

too bad it seems inconsistent. its a shame it is a sledge hammer instead of a scalpel.

every bit helps though so good to know this..

tobergill | #2 | 04:54 on Thu, Nov.12 | Reply

Clarification - CALEA only requires phone companies to have the capability to wiretap. Actual wiretapping is still done by the phone company after a legal order, so cops can't "listen in on your calls without co-operation from the phone company"

cymk replied to comment from tobergill | #3 | 06:58 on Thu, Nov.12 | Reply

Last time I checked the Patriot Act still allows law enforcement agencies warrant-less wiretaps, so long as you are a suspected "terrorist" or have ties to "terrorism." I put those in quotes because the ones taping the phones are the ones defining what constitutes "terrorism" in their books. An inscrutable individual could easily say person X or person Y is a "terrorist" just to get said wire tap, only to turn around and say "oh darn person X isnt supporting terror, but hey look at these others laws that X broke, lets arrest them."

Joe Helfrich | #4 | 08:14 on Thu, Nov.12 | Reply

So, great article and all, but I feel like I just read it.

Since I subscribe to both the BB and BBG feeds, and since anything technology related from BB is now also getting posted to BBG, how do I not get 80% of the content twice?

Anonymous replied to comment from cymk | #5 | 10:08 on Thu, Nov.12 | Reply

I think you mean "unscrupulous" not "inscrutable".

kmoser | #6 | 14:11 on Thu, Nov.12 | Reply

In summary: DDoS.

Anonymous replied to comment from kmoser | #7 | 14:37 on Thu, Nov.12 | Reply

@kmoser

Don't you love it when that comes up in real life??

Actually, somehow this reminds me of TPB's DDo$ attack. XD

Action

health

Action

REVIEWS

Book