CALEA is the terrible US federal law that requires that all switches that carry voice-traffic be built with an easy-to-access remote wiretapping capability so that cops (or bad guys who know cop secrets) can listen in on your voice conversations without cooperation from the phone company. A team of University of Pennsylvania researchers (already notorious for finding flaws in the previous version of the CALEA standard that let callers lock out wiretaps) have found a solid theoretical attack against the newer, shinier CALEA standard.
"We asked ourselves the question of whether this standard is sufficient to have reliable wiretapping," said Micah Sherr, a post-doctoral researcher at the university and one of the paper's co-authors. Eventually they were able to develop some proof-of-concept attacks that would disrupt devices. According to Sherr, the standard "really didn't consider the case of a wiretap subject who is trying to thwart or confuse the wiretap itself."
How to Deny Service to a Federal Wiretap
It turns out that the standard sets aside very little bandwidth -- 64K bits per second -- for keeping track of information about phone calls being made on the tapped line. When a wire tap is on, the switch is supposed to set up a 64Kbps Call Data Channel to send this information between the telco and the law enforcement agency doing the wiretap. Normally this channel has more than enough bandwidth for the whole system to work, but if someone tries to flood it with information by making dozens of SMS messages or VoIP (voice over Internet protocol) phone calls simultaneously, the channel could be overwhelmed and simply drop network traffic.
That means that law enforcement could lose records of who was called and when, and possibly miss entire call recordings as well, Sherr said.
If you think that your phone may have been hacked so that your adversaries can watch you through the cameras and listen through the mics, one way to solve the problem is to remove the cameras and microphones, and only use the phone with a headset that you unplug when it’s not in use.
Lured by the internet’s pervasive insistence that it represents a superior, more comfortable typing experience, I recently went back to an old-timey mechanical keyboard. This was a mistake. I am now a hamfisted ASCII jazz disaster.
SpareOne Emergency Phone is a basic cellphone powered by AA batteries. This gives it a relatively short time on a charge, but means that it will have a charge after being stuffed in a drawer or glove box for months. I came across this during my search for the perfect basic phone, but be warned: […]
If you want to add some real firepower to your programming repertoire, learn Java–one of the most adaptable, widely-used programming platforms around. You can easily do that with this Ultimate Java bundle, now just $69 in the Boing Boing Store.Across 14 lectures and 117 hours of content, the educators at online academy eduCBA will walk you through […]
Every company wants to harness the power of social media, but few understand how to make that happen. Be one of those select few with this Social Media Marketing Course & Certification package, now just $29 in the Boing Boing Store.Over 12 modules of course material, you’ll learn what it takes to increase a brand’s […]
If you’ve got a killer app idea, but don’t have the technical expertise to pull it off, get a crash course in all things app development with the Comprehensive Android Development Bundle, now over 90% off in the Boing Boing Store. Across 83 hours of training, you’ll learn to develop for the world’s most popular mobile OS, mastering […]