Schneier on Security

Clive Robinson • April 17, 2023 5:05 PM

“Can you illustrate some use cases for privacy erosion that is unique to voice call traceability?”

Not sure if you are asking technical or social erosion.

On the technical side I can use a mobile to place a VoIP call into an Asterix or similar server in a different national telco region. And get the server to drop the call into a POTS with both caller ID’s being removed or set to being fake.

There are services already set up that enable you to do that and a lot more, and there is effectively no trace back across the telco boundry, you get what you are given “on trust” which is worthless.

In part the POTS was set up this way because it stops/reduces telcos cheating each other on charging. Few outside of the industry realise that there are two way charges at every boundry crossing and agreements can have different rates for different types of calls at different times of day.

As for the social side it rather depends on how far you are behind on the “trust curve”. Way to many people trust way to much and that’s how people get hurt or killed (there was a case a day ago where a teenager got shot at the door, and others have been shot through the door they made the mistake of standing next to). The number of people that have been injured or killed due to trusting is going up…

I have as I’ve mentioned before “tinnitus” hearing issues and I don’t answer “unknown” or “witheld” phone calls as standard, likewise I don’t answer calls I don’t know the number of. Even when I know the number I often don’t answer it I wait and then “call them back” and say “sorry I was in the XXX”. On a number of occasions when involved with being involved in sorting out legal issues with Government agencies (OfCom), I’ve found that the POTS was not working as it should and the local “cell site” had the wrong ID and service type.

Why? Because spoofing Caller ID numbers etc is way way to easy to do as is putting in the equivalent ofva stingray or similar. So I have no reason to trust the POTS or Mobile Networks as far as incoming calls are concerned and therefor I don’t trust them.

In fact no more than I trust someone unknown or unexpected knocking on my door or rattling the letter flap etc. In part due to the fact I’m sick and tired of junk being pushed through the door and mail gettibg “pulled back” to be used for identity theft by a criminal from a family of local criminals who stabed me in the head when I caught him trying to break in. Then a while later his moronic brother unhappy about me standing as witness against his screwdriver happy brother then pushed a burning newspaper through the letter box to try to burn my house down as revenge. Unfortubately that’s not the only troubles I’ve had in the past some “absent landlords” of adjacent properties letting out to both drug addicts who went “postal” and others letting to “drug growers” who tried to steal electricity as well as grow their plants in my garden back at a time when I used to travel on long business trips abroad a lot and was away from home for long periods…

So I take precautions like I don’t have a letter box any more and the door is A60 and very solid and there is a sprinkler system above it on both sides.

So I don’t answer or stand close to the door. Which means any unknown or unexpected persons have to walk away from the door into the middle of the garden as I call down at them from an upstairs window and tell them to do so, if they don’t then the sprinkler is easy to turn on… If they don’t get wet, then I tell them they will have to make an apointment by post, and in either case I tell them to get off the property as I regard them as trespassing with intent. If they claim to “have authority” and some idiots do, I’ve a paint bucket on a rope they can drop their “ID” into so I can pull it up and check it safely. By phoning those they claim to have authority from or the local police.

Oddly I don’t get letters to make appointments, from them, so I assume they must have been upto no good.

You might think this is “extream behaviour” but note it’s all been in response to events caused by people who can not be trusted.

The things that have happened to me are increasingly happening to others give it ten years and collect it all won’t be just SigInt agencies any more it will be any “prod-nose” with a bit of spare money. In the US there are warrents for “areas” not “individuals” so everyones phone calls etc are getting “sucked up” examined and retained.

So the way they wilk be naking the system “apparently” more trust worthy will have two effects,

1, Make collect it all less visable and much wider spread.
2, Actually by what is effectivelt propaganda make people less cautious than they should be, thus come to harm.

In the latter case we’ve already seen this happen with LEO’s pushing backdoored “secure phones” at people have a look at EuroChat and similar. Those using them trusted them thus were not cautious or circumspect like they used to be with POTS.

Our host @Bruce had made comment about the progression of attacks from accadrmics down in short order to script kides and the like.

Well those doing surveillance have the same curve, thus it goes from alleged “Serious Organised Crime” to “trying to catch some old age pensioner putting used teabags in the wrong bin” (this has actually happened already).

Clive Robinson • April 18, 2023 9:19 AM

@ Peter A.,

Yes many were surprised about the issue, and that it still worked long after DTMF was the norm.

“Last time (a couple years ago?) I tried the technique on my landline it still worked.”

Same here, only it was not a couple of years ago… Last time I looked at the UK regulations pulse dial was still required to be supported on POTS.

Thus I suspect even though POTS is fading, it will remain as long as POTS does, which might be a very long time, because “rural service” still often works better with pulse dialing especially with multi “party lines”. But also other protocols where “flashing” is required, is why that button is still on many DTMF phones…

Clive Robinson • April 27, 2023 5:08 AM

@ Junior, Peter A,

Re : POTS and Pulse Dialing.

Pulse dialing was the original workable way to send the number to be called down the line without using “girls” at switch boards.

Pulse dialing was invented long prior to anything even remotely close to the electronics required to detect tones reliably was invented. The nearest some decades later were a form of an electro-mechanical switch using a mechanical resonator like those found in harmonicas, that had quite a few issues.

It’s around 40 years since I taught trainee telephone engineers so my memory maybe a little rusty in that respect, but the last time I designed an instrument interface was in the mid 1990’s when it was at the point of “just drop in an IC” that fascilitated both pulse and tone dialing[1].

So basically most POTS lines to a customer are a pair of wires that are energized in the exchange by an ~48Volt supply, applied to the wires via two “relay coils” of either 600 or 1200 ohms coil impedence and quite some inductance. The phone pair is actually a twisted pair transmission line of again aproximately 600 ohms impedence (not resistance). In effect the “customer loop circuit” is designed to treat AC and DC seperately. AC is the desired “voice signal” and DC for signalling.

As there is only a single “loop circuit” of unknown length thus resistance which is distantly energised at the exchange, the signalling options are limited to “current signaling” via opening and closing the loop thus the current through the relay coils.

There are three basic currents,

1, Zero open circuit instrument.
2, Maximum short circuit instrument.
3, Operating that is due to the instrument impedence in series with the line.

The “pulse dial” goes by a rotary dial switch in series with the “hook switch” open circuiting the line in rapid pulses.

You would have one pulse for 1 and 10 pulses for 0.

As the rotary dial switch is in series with the hook switch you can simulate the rotary dial by rapidly tapping the hook switch.

All it takes is “practice”.

There is a section on a Wikipedia page that also explains “hook switch dialing” and how attempts were made to stop it with slow hook switches, some European nations webt from 10 pulses per second for dialing to twebty pulses per second which puts hook switch dialing beyond most peoples abilities, but causes all sorts of other issues for the telephone company.

However the Wikipedia page also contains a link to the “Anarchists Cookbook v2000” thus I would advise against clicking on it and why I’ve not provided the link… As it is suspected / suggested / stated by some that such links are “Honey Pots” for various nations security forces including the UK and USA, where under terrorism legislation you can be imprisoned indefinitely for having a copy in your possession or even proof that you looked at it.

[1] The German telco test people would not test the “instrument interface” with any scrutiny if you used a certain well known German manufactures IC and “recommend circuit” from the data sheet. Thus using the chip would save you a lot not just on test fees but time to certification by months. The fact that the German company –like Crypto AG in Switzerland– was later revealed to have had US Inteligence Community funding/ownership as well as control through the BND is a matter of history. But is slightly funny because the company got fined $800million in a bribary scandle at the turn of the century. Bribery of which a significant fraction would have been at the behest of the US IC getting certain equipment into certain countries networks (a crime the US now accuses others nations electronics companies of…).