Re: cellphones as room bugs
>8Kbit/second is enough if all you need is to understand what is being
>said, not recognize the speaker. The processing power to do this is
>pretty small on today's scale of things.)

With decent compression techniques, 8kbps is close to telephone quality, and 2400bps has artifacts but is still quite clear. There are some nice examples at:

http://www.data-compression.com/speech.shtml

1kbps would be adequate for understandable speech, so I would expect that a modern phone with megabytes for music storage could easily store several days of voice-activated room bugging.

R's,
John

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: cellphones as room bugs
| Ian Farquhar (ifarquha) wrote> The other problem for this technique is
| battery life.
|
| Suppose this worked by recording from mic to memory and then
| transmitting later. This leads to a bunch of questions:
|
| By what factor could transmission time/power be reduced sending such a
| recording later? How many minutes could a typical phone buffer? How
| much does a typical conversation compress? Are such algorithms within
| the power of a typical phone's processor? How much power is used in
| recording to memory and compressing? Can transmission power
| requirements be reduced by transmitting when transmission power
| requirements are low? Can they be reduced often enough to make it
| worthwhile optimizing in this way?

It's tough to make any definitive statements, but note that there are phones that hold a couple of hundred MP3-compressed songs. Understandable speech takes much less than that. (As I recall, 8Kbit/second is enough if all you need is to understand what is being said, not recognize the speaker. The processing power to do this is pretty small on today's scale of things.)

If I were doing this, I'd transmit under two conditions: A really close cell tower (which allows you to crank the transmit power way down - something phones do anyway) and, even better, while recharging. The latter would be particularly pernicious: If you wait a couple of minutes after the phone goes into the charger, it's highly unlikely anyone will be looking at the phone, you can transmit without draining the battery, and on most phones you won't even affect the charge time by all that much - not that the victim is likely to notice, since most people have no idea how long it actually takes to charge their phone: They stick it into the charger at some convenient time, and pull it out at some later convenient time.

Another advantage the attacker has in this scenario is that he can transmit when he can get away with it and reassemble the pieces at leisure. A normal phone conversation has to be done in one long stretch, which forces the phone to continue to receive and transmit even when conditions are highly unfavorable. You could combine this with lower-than-normal transmit power, on the assumption that the receiver could request a resend to fix up garbled data.

-- Jerry
Re: cellphones as room bugs
At 11:26 AM 12/9/2006, Daniel F. Fisher wrote:
> Ian Farquhar (ifarquha) wrote> The other problem for this technique is battery life.
>
> Suppose this worked by recording from mic to memory and then transmitting later. This leads to a bunch of questions:
>
> By what factor could transmission time/power be reduced sending such a recording later? How many minutes could a typical phone buffer? How much does a typical conversation compress? Are such algorithms within the power of a typical phone's processor? How much power is used in recording to memory and compressing?

Cell phones already compress voice, to reduce spectrum needs, and that's done in hardware rather than wasting CPU. If the phone's design is sufficiently general, it can easily grab the compressed voice bits and store them in memory instead of transmitting (assuming there's enough memory, which isn't necessarily the case.) Voice compression rates are typically 5.6 - 6.5kbps, or 13 on some GSM flavors, and you may gain a bit from silence suppression depending on whether the microphone can adequately hear the other speaker.

If the phone doesn't have data networking features, or only has the slow types (CDPD, etc.) used to handle text messages, there's probably no big advantage to doing this. But if you've got faster data service, say 50-60kbps or the newer ~~200-300kbps stuff, then you can transmit faster than real-time speech, and if you can buffer enough data, say 1 MB for 20 minutes of talk time, you might save some battery.
Re: cellphones as room bugs
Ian Farquhar (ifarquha) wrote> The other problem for this technique is battery life.

Suppose this worked by recording from mic to memory and then transmitting later. This leads to a bunch of questions:

By what factor could transmission time/power be reduced sending such a recording later? How many minutes could a typical phone buffer? How much does a typical conversation compress? Are such algorithms within the power of a typical phone's processor? How much power is used in recording to memory and compressing? Can transmission power requirements be reduced by transmitting when transmission power requirements are low? Can they be reduced often enough to make it worthwhile optimizing in this way?

-Dan
RE: cellphones as room bugs
The other problem for this technique is battery life.

Let's assume we can shove a firmware update/hack/whatever into the phone to enable snooping, it's still transmitting when acting as a bug. Even if this feature is only enabled when the phone is geolocated somewhere "interesting", the reduction in battery life is going to be significant. If your phone has a standby time of days, and you're used to shoving it on the charger rarely, then suddenly you're doing it several times a day, you're going to notice. Even if you are the dumb, stupid criminal the government likes to tell us that surveillance always catches.

I suppose that it could be argued that you could use silence detection etc. to reduce power used, but most phones are pretty aggressive at power saving already. I doubt there are huge savings to be made which haven't been implemented already.

Ian.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Taral
Sent: Monday, 4 December 2006 2:26 PM
To: [EMAIL PROTECTED]
Cc: John Ioannidis; cryptography@metzdowd.com
Subject: Re: cellphones as room bugs

On 12/3/06, Thor Lancelot Simon <[EMAIL PROTECTED]> wrote:
> It's been a while since I built ISDN equipment but I do not think this
> is correct: can you show me how, exactly, one uses Q.931 to instruct
> the other endpoint to go off-hook?

That's the same question I have. I don't remember seeing anything in the GSM standard that would allow this either.

--
Taral <[EMAIL PROTECTED]>
"You can't prove anything."
-- Gödel's Incompetence Theorem
Re: cellphones as room bugs
On Sun, Dec 03, 2006 at 09:26:15PM -0600, Taral wrote:
> That's the same question I have. I don't remember seeing anything in
> the GSM standard that would allow this either.
>

I'll hazard a guess: mobile providers can send a special type of message (not sure if it would be classed as an SMS) with various settings for your phone. They do that, for example, to set the GPRS settings. In many phones, one of the possible settings is to automatically answer the phone, without ringing (the feature is used in some of the hands-free settings). The user would probably notice that the phone is in use, but there may be some other trick around that.

/ji
Re: cellphones as room bugs
On 12/3/06, Thor Lancelot Simon <[EMAIL PROTECTED]> wrote:
> It's been a while since I built ISDN equipment but I do not think this is correct: can you show me how, exactly, one uses Q.931 to instruct the other endpoint to go off-hook?

That's the same question I have. I don't remember seeing anything in the GSM standard that would allow this either.

--
Taral <[EMAIL PROTECTED]>
"You can't prove anything."
-- Gödel's Incompetence Theorem
Re: cellphones as room bugs
Thor Lancelot Simon <[EMAIL PROTECTED]> writes:

>It's been a while since I built ISDN equipment but I do not think this is
>correct: can you show me how, exactly, one uses Q.931 to instruct the other
>endpoint to go off-hook?

You make use of the undocumented remote management interface [0].

Peter.

[0] Buffer overflow bug in the packet header parsing code.
Re: cellphones as room bugs
At 10:21 AM 12/2/2006 -0500, Perry E. Metzger wrote:
> Quoting:
>
> The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.
>
> The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.
>
> http://news.com.com/2100-1029_3-6140191.html

Cellphones maintain contact with cell towers, so they can be roughly tracked on the ground too, even when you are not talking. With GPS being embedded this may become much more accurate.

As an amusing aside, for a while someone was accidentally calling my land line with their cell phone. You could hear them driving around, with the usual car noises, and sometimes the radio on too. Occasionally I heard them in conversation with someone else. This went on for months.

- Alex

--
Alex Alten
[EMAIL PROTECTED]
Re: cellphones as room bugs
On Sun, 3 Dec 2006 20:26:07 -0500 Thor Lancelot Simon <[EMAIL PROTECTED]> wrote:

> On Sat, Dec 02, 2006 at 05:15:02PM -0500, John Ioannidis wrote:
> > On Sat, Dec 02, 2006 at 10:21:57AM -0500, Perry E. Metzger wrote:
> > >
> > > Quoting:
> > >
> > >The FBI appears to have begun using a novel form of electronic
> > >surveillance in criminal investigations: remotely activating a
> > >mobile phone's microphone and using it to eavesdrop on nearby
> > >conversations.
> >
> > Not very novel; ISDN phones, all sorts of digital-PBX phones, and
> > now VoIP phones, have this "feature" (in the sense that, since
> > there is no physical on-hook switch (except for the phones in
> > Sandia and other such places), it's the PBX that controls whether
> > the mike goes on or not).
>
> It's been a while since I built ISDN equipment but I do not think this
> is correct: can you show me how, exactly, one uses Q.931 to instruct
> the other endpoint to go off-hook?
>

I don't recall if it's Q.931 per se, as much as the CO. Or rather, I know for certain that various government security agencies were quite unhappy about ISDN phones with speakerphone capability being deployed in sensitive sites. The speaker button was not, as I understood it, a hard button; it was a soft button that the switch responded to.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: cellphones as room bugs
On Sat, Dec 02, 2006 at 05:15:02PM -0500, John Ioannidis wrote:
> On Sat, Dec 02, 2006 at 10:21:57AM -0500, Perry E. Metzger wrote:
> >
> > Quoting:
> >
> >The FBI appears to have begun using a novel form of electronic
> >surveillance in criminal investigations: remotely activating a
> >mobile phone's microphone and using it to eavesdrop on nearby
> >conversations.
>
> Not very novel; ISDN phones, all sorts of digital-PBX phones, and now
> VoIP phones, have this "feature" (in the sense that, since there is no
> physical on-hook switch (except for the phones in Sandia and other
> such places), it's the PBX that controls whether the mike goes on or
> not).

It's been a while since I built ISDN equipment but I do not think this is correct: can you show me how, exactly, one uses Q.931 to instruct the other endpoint to go off-hook?
Re: cellphones as room bugs
At 07:21 AM 12/2/2006, Perry E. Metzger wrote:
> Quoting:
>
> The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

BTW, it's easy to thwart this, even without removing the battery as recommended: just place a shorted jack into the phone's mic/headset plug. These plugs use a physical-electrical contact switching method to shunt the audio so the software AFAIK can route around it.

Steve
Re: cellphones as room bugs
At 07:21 AM 12/2/2006, Perry E. Metzger wrote:
> Quoting:
>
> The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.
>
> The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

This technique was pioneered by some criminals (drug, I think) that would 'forget' their cell phones in police cars so they could listen in on them.

Steve
Re: cellphones as room bugs
On Sat, Dec 02, 2006 at 10:21:57AM -0500, Perry E. Metzger wrote:
>
> Quoting:
>
>The FBI appears to have begun using a novel form of electronic
>surveillance in criminal investigations: remotely activating a
>mobile phone's microphone and using it to eavesdrop on nearby
>conversations.

Not very novel; ISDN phones, all sorts of digital-PBX phones, and now VoIP phones, have this "feature" (in the sense that, since there is no physical on-hook switch (except for the phones in Sandia and other such places), it's the PBX that controls whether the mike goes on or not).

I've always wondered what legitimate use the ability to turn on the microphone of a *mobile* phone remotely was. No mobile telephony company has ever advertised this as a feature.

/ji