Wiretappers hoisted by their own petard

I was immensely amused to hear bleatings from US law enforcement officials over the weekend that their wiretapping technology has a number of security flaws.

The most basic flaw appears to be the ability to remotely control the recorder using in-band PSTN signalling tones.

These tones, although not seen on a regular phone, are still generated by the same touch-tone chipset using a 4 x 4 `numbering' matrix that adds the digits A, B, C and D to the normal `10 number plus star/hash keypad' seen on most modern phones.

Dial-up modems, of course, can also generate the required in-band tones. To the best of my knowledge, they've been capable of doing this since the late 1980s.

As well as being capable of being stopped remotely, the FBI wiretap recorders can also have dialling databases falsified.

These revelations have serious implications for the use of recorder logs in court as evidence against hackers, crims and other alleged miscreants.

They also drive a steamroller through the intelligence data gathered by the FBI, CIA and NSA in the US.

All these revelations were published in yesterday's edition of Security & Privacy, a journal of the Institute of Electrical and Electronics Engineers.

Watch this one hit the headlines in the next few days...