01 December 2005

Security Flaws Allow Wiretaps to be Evaded

Signaling Vulnerabilities in Wiretapping Systems

Micah Sherr, Eric Cronin, Sandy Clark and Matt Blaze

University of Pennsylvania
Contact E-mail: blaze at-sign cis.upenn.edu
11 October 2005; revised 30 November 2005

Note: For those in the Philadelphia area, these results will be presented at the Penn Computer Science Research Seminar on Thursday, December 1st, at 3pm in the Levine Hall auditorium (on the Penn campus at 3330 Walnut Street).


In a research paper appearing in the November/December 2005 issue of IEEE Security and Privacy, we analyzed publicly available information and materials to evaluate the reliability of the telephone wiretapping technologies used by US law enforcement agencies. The analysis found vulnerabilities in widely fielded interception technologies that are used for both "pen register" and "full audio" (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity. These countermeasures do not require cooperation with the called party, elaborate equipment, or special skill. Preliminary drafts of the paper have been made available to the law enforcement community; contact the authors at the above email address.

We found exploitable vulnerabilities present in virtually all analog "loop extender" or "dialup slave" wiretap systems and in at least some systems based on the newer J-STD-025A CALEA interfaces. These systems depend on unsecured "in-band" signals that can be spoofed or manipulated by an interception target via his or her own telephone line.

In the most serious countermeasures we discovered, a wiretap subject superimposes a continuous low-amplitude "C-tone" audio signal over normal call audio on the monitored line. The tone is misinterpreted by the wiretap system as an "on-hook" signal, which mutes monitored call audio and suspends audio recording. Most loop extender systems, as well as at least some CALEA systems, appear to be vulnerable to this countermeasure. Audio examples (in MP3 format) of this countermeasure can be found below.

Loop extender systems are susceptible to other countermeasures as well. In particular, a subject can employ a simple computer-aided dialing procedure (which we call "confusion/evasion dialing") that prevents the dialed outgoing telephone numbers from being recorded accurately by the tap. Wiretap subjects can also falsely indicate the ending times for calls they make and receive and can inject false records of outgoing and incoming calls (appearing to be to or from any numbers they choose) into pen register logs.

Our analysis was based entirely on information obtained from published sources and equipment purchased openly in the retail and surplus markets. It is therefore possible (and perhaps even likely) that similar countermeasures have already been discovered and actively employed by motivated wiretap targets, e.g., in organized crime. Currently fielded telephone interception systems should be evaluated with respect to these vulnerabilities and re-configured or modified where possible to reduce their susceptibility. In addition, the possibility of these or similar countermeasures should be considered in analyzing previously collected wiretap evidence and intelligence.


A detailed technical analysis of the vulnerabilities and their implications can be found in the full paper at http://www.crypto.com/papers/wiretap.pdf.

There is unfortunately little room to make conventional loop extender interception systems more robust against these countermeasures within their design constraints; the vulnerabilities arise from inherent properties of their architecture and design.

Some CALEA systems, on the other hand, may be made more robust against these countermeasures with relatively modest configuration changes. In particular, CALEA equipment that processes call audio may have features that control recording via in-band C-tone (sometimes called "continuity tone") signals on "Call Content Channel" (CCC) audio streams. These features should be disabled. Instead, these systems should be configured to rely exclusively on "Call Data Channel" (CDC) messages to determine when recording commences and stops. Telephone companies and law enforcement agencies should confirm the configuration and behavior of their CALEA delivery and collection systems with their vendors.

Wiretap evidence, whether collected by loop extender or CALEA systems, should be evaluated for signs of signaling countermeasures. In particular, records of dialed numbers and call times should be examined for discrepancies against telephone company call detail records. This reconciliation should be performed routinely and as soon as possible after the records become available.
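The reconciliation recommended above, as an added illustration that is not part of the paper or the authors' tooling: a tap's pen register log is paired with the carrier's call detail records by direction and start time, and each of the signaling countermeasures described earlier (misrecorded dialed digits, falsely signaled call ends, injected call entries) shows up as a distinct discrepancy. The record format, field names and the five-second clock tolerance are assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data, not from the paper: start,direction,number,end.
# First the tap's pen register log, then the carrier's CDRs for the same line.
PEN_REGISTER_LOG = """\
2005-10-11 14:02:10,OUT,2155551234,2005-10-11 14:05:40
2005-10-11 14:30:05,OUT,2155559876,2005-10-11 14:31:00
2005-10-11 15:10:00,IN,2155550000,2005-10-11 15:12:00
"""
CARRIER_CDR = """\
2005-10-11 14:02:12,OUT,2155551234,2005-10-11 14:05:41
2005-10-11 14:30:03,OUT,2155554321,2005-10-11 14:45:30
"""

@dataclass
class CallRecord:
    start: datetime
    direction: str
    number: str
    end: datetime

def parse_records(text):
    records = []
    for line in text.strip().splitlines():
        start, direction, number, end = line.split(",")
        records.append(CallRecord(datetime.fromisoformat(start), direction,
                                  number, datetime.fromisoformat(end)))
    return records

def reconcile(pen_log, cdrs, tolerance=timedelta(seconds=5)):
    """Return (record, reason) pairs for each discrepancy. Reasons: 'digits'
    (confusion/evasion dialing), 'end_time' (false on-hook signal),
    'injected' (log entry with no real call), 'missing' (call never logged)."""
    findings, unmatched = [], list(cdrs)
    for rec in pen_log:
        # Pair records by direction and start time, allowing for clock skew.
        match = next((c for c in unmatched if c.direction == rec.direction
                      and abs(c.start - rec.start) <= tolerance), None)
        if match is None:
            findings.append((rec, "injected"))
            continue
        unmatched.remove(match)
        if match.number != rec.number:
            findings.append((rec, "digits"))
        if abs(match.end - rec.end) > tolerance:
            findings.append((rec, "end_time"))
    findings.extend((c, "missing") for c in unmatched)
    return findings
```

In the sample data the second call is flagged twice (the tap logged different digits and an end time fourteen minutes early) and the third call exists only in the tap's log.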

We strongly urge that J-STD-025A and other interception standards and practices be evaluated critically against countermeasures such as those described in our paper and, more generally, against a broad threat model. Our analysis was by design limited in scope, with no attempt made to be comprehensive or exhaustive, and yet easily exploitable weaknesses were quickly found. It appears that a systematic search for vulnerabilities under a threat model that includes subject-initiated countermeasures was not a part of the development process for either the J-STD-025A standard or many of the systems that implement it. We suggest that the law enforcement community develop and articulate security and assurance requirements for interception systems, against which existing and future standards and technologies can be measured.

Audio example

In these MP3 audio captures, Alice and Bob are suspected of illegal activity and are the subjects of a full audio Title III wiretap interception on Alice's line. Alice uses C-tone spoofing to selectively suppress recording of part of the conversation. The recordings were created in our laboratory on a simulated telephone network with various wiretapping products.

This link [observed.mp3] gives the audio stream as captured and recorded by a Recall Technologies NGNR-2000 law enforcement loop extender wiretap system connected to Alice's line. Note the C-tone burst at the end of the recording (which ordinarily indicates that the tapped party has hung up and which causes recording to terminate). To the law enforcement agency, this appears to be a normal recording of a brief call.

This link [unobservered.mp3] gives the full conversation between Alice and Bob, as captured by an inexpensive, consumer-grade telephone recorder interface (sold by Radio Shack) connected to Alice's line.

Full paper

The full version of our research paper can be found online (PDF format, 500KB file) at http://www.crypto.com/papers/wiretap.pdf, and appears in the November/December 2005 issue of IEEE Security and Privacy.
