Signaling Vulnerabilities in Wiretapping Systems
Micah Sherr, Eric Cronin, Sandy Clark and Matt Blaze
University of Pennsylvania
Contact E-mail: blaze at-sign cis.upenn.edu
11 October 2005; revised 30 November 2005
In a research paper appearing in the November/December 2005 issue of IEEE Security and Privacy, we analyzed publicly available information and materials to evaluate the reliability of the telephone wiretapping technologies used by US law enforcement agencies. The analysis found vulnerabilities in widely fielded interception technologies that are used for both "pen register" and "full audio" (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity. These countermeasures do not require cooperation with the called party, elaborate equipment, or special skill. Preliminary drafts of the paper have been made available to the law enforcement community; contact the authors at the above email address.
We found exploitable vulnerabilities present in virtually all analog "loop extender" wiretap systems and in at least some systems based on the newer J-STD-025A CALEA interfaces. The vulnerabilities arise from the use of unsecured "in-band" signals that can be spoofed or manipulated by an interception target via his or her own telephone line.
This is further proof that FISA is outdated and should probably be updated to address the current conditions.
When you click, make sure you listen to the MP3 tones.