Vulnerability Development mailing list archives
Re: Q: Voice over IP security - anyone?
From: Cold Fire <coldfire () CLOSED-NETWORKS COM>
Date: Sun, 8 Oct 2000 23:40:13 +0100
On Sun, Oct 08, 2000 at 03:13:30PM +0800, Lincoln Yeoh wrote:
It was public knowledge about a decade ago why it was weak, I believe it came up in the major UK newspapers. The encryption was intentionally weakened by request of the spy agencies (GCHQ etc). There was a bit of a noise about it, then it died down.
Funnily enough, most people in the UK use analogue landlines, with no encryption, people do not care because most peoplehave nothing to hide. <SNIP>
Anyway, you don't even need to crack GSM crypto to listen in. The conversation is only encrypted from the phone to the tower (or was it the exchange? anyway), from then on it's "clear text". So if the police did things the "redtape" way they can listen in without having to crack anything. I suppose it's too much of a hassle to get permission from the necessary people?
GSM ecnryption is, in my opinion, there to stop the average joe in the street listening in, and as an add on to the authentication encryption built in to stop cloaning. This said there are already sophisticated devices, ala CellTrak, for listening to, and tracking GSM mobiles on the black market. There are very few 'wiretap' warants issued in the UK, I think the last figures I saw were less than 200 a year, I'm sure there are far more actual incidents than this, but the important thing is, if there is no warant, its not admissable in court, the moral of this is: Criminals buy pre-pay mobile of the shelf in the supermarket, use them for a few weeks then buy a new one, this gives authorities (GCHQ or otherwise) little time to identify the phone, install taps, work out who 'Mr White' wanting to 'go out for a drink' is amongst the other traffic. This has little to do with computer security anyway, moderator feel to kill this post. Steve NB. In the interests of full disclosure I have a conviction for cell phone fraud. -- 'Cold Fire, Britains most notorious hacker' Observer, July 1997 'The most recent conviction was that of [Cold Fire] whose On-line escapades spanned from hacking into educational sites to more sinister activities such as tapping into industrial and United States military sites.' DC Paul Cox, SO6 Scotland Yard CCU
Current thread:
- Q: Voice over IP security - anyone? Craig, Scott (Oct 05)
- Re: Q: Voice over IP security - anyone? Bluefish (P.Magnusson) (Oct 07)
- Re: Q: Voice over IP security - anyone? Lincoln Yeoh (Oct 08)
- Re: Q: Voice over IP security - anyone? Cold Fire (Oct 08)
- Re: Q: Voice over IP security - anyone? Bluefish (P.Magnusson) (Oct 10)
- Re: Q: Voice over IP security - anyone? Lincoln Yeoh (Oct 08)
- <Possible follow-ups>
- Re: Q: Voice over IP security - anyone? Guilherme Mesquita (Oct 08)
- Re: Q: Voice over IP security - anyone? Bluefish (P.Magnusson) (Oct 07)