Sandy Clark

Signaling vulnerabilities in wiretapping systems

Many law enforcement wiretap systems are vulnerable to simple, unilateral countermeasures that exploit the unprotected in-band signals passed between the telephone network and the collection system. This article describes the problem as well as some remedies and workarounds.

Going Bright: Wiretapping without Weakening Communications Infrastructure

Mobile IP-based communications and changes in technologies, including wider use of peer-to-peer communication methods and increased deployment of encryption, has made wiretapping more difficult for law enforcement, which has been seeking to extend wiretap design requirements for digital voice networks to IP network infrastructure and applications. Such an extension to emerging Internet-based services would create considerable security risks as well as cause serious harm to innovation. In this article, the authors show that the exploitation of naturally occurring weaknesses in the software platforms being used by law enforcements targets is a solution to the law enforcement problem. The authors analyze the efficacy of this approach, concluding that such law enforcement use of passive interception and targeted vulnerability exploitation tools creates fewer security risks for non-targets and critical infrastructure than do design mandates for wiretap interfaces.

Can they hear me now?: a security analysis of law enforcement wiretaps

Although modern communications services are susceptible to third-party eavesdropping via a wide range of possible techniques, law enforcement agencies in the US and other countries generally use one of two technologies when they conduct legally-authorized interception of telephones and other communications traffic. The most common of these, designed to comply with the 1994 Communications Assistance for Law Enforcement Act(CALEA), use a standard interface provided in network switches. This paper analyzes the security properties of these interfaces. We demonstrate that the standard CALEA interfaces are vulnerable to a range of unilateral attacks by the intercept target. In particular, because of poor design choices in the interception architecture and protocols, our experiments show it is practical for a CALEA-tapped target to overwhelm the link to law enforcement with spurious signaling messages without degrading her own traffic, effectively preventing call records as well as content from being monitored or recorded. We also identify stop-gap mitigation strategies that partially mitigate some of our identified attacks.

Blood in the Water (Transcript of Discussion)

A couple of years ago when we were analysing voting machines we came across a question for which we didn’t have an answer, namely if these machines are so bad why aren’t they being attacked left and right? These machines were full of vulnerabilities, they were trivial to exploit, and yet it strikes me now there’s been no documented case of an attack on any voting system by exploiting a software or a hardware vulnerability.

Bridging the gap between vulnerabilities and threats in electronic voting

Several recent studies have reported substantial vulnerabilities throughout the designs and implementations of current commercially available optical scan and DRE electronic voting system used in the United States. Every system examined by the security research community (from four major vendors) was found to have software flaws and architectural failures that, under some circumstances, could allow an attacker to take control over precinct hardware, alter or fabricate recorded results, or install and virally propagate malicious software and firmware throughout the entire system. These systems suffer from basic cryptographic and key management errors, buffer overflows in modules that accept input from untrusted sources, easily circumvented access controls, backdoor debugging modes, and feature interaction and configuration vulnerabilities. In some cases, systemwide viruses can be introduced by a single individual voter or temporary precinct poll worker.