GPS for 911 calls

Thu Mar 8 06:06:27 CET 2007

On Wednesday 07 March 2007 10:14, Wolfgang S. Rupprecht wrote:
> I'm curious does anyone know if there is a protocol for remotely
> turning on the microphone?  I recall reading about a case where the US
> FBI got into trouble with the courts for remotely bugging a suspected
> Mafia member's Onstar gps-equipped car phone.
>
>     http://news.com.com/2100-1029-6140191.html
>
> While such a feature might be useful if the phone were ever stolen, it
> would also be nice to know that any features like this are under the
> phone owner's full control.
>
> -wolfgang

That's Onstar, which is has had this ability from the start (though "bugging" 
a car for Law Enforcement purposes wasn't the original intention IIRC). It's 
really no surprise whatsoever.

There isn't a specific documented protocol for phones that I'm aware of. But 
the way things work is that the Feds usually approach a manufacturer about 
putting in what's called "Lawful Intercept" hooks which basically enable such 
back doors. Representatives from Cisco, for example, have publically stated 
that they would go along with this, oh, about 8 years ago as I recall.

The main "carrot" which is provided is that the manufacturer will then be 
allowed to bid on Government contracts. Considering that the U.S. Government 
is the largest purchaser of IT equipment, this carries a considerable amount 
of weight with large corporations. But the protocols aren't publically 
documented. 

As far as cellphones go, it was revealed last December during the trial of one 
top Mafia honcho that the FBI had tapped his cellphone by remotely turning on 
his cellphone and recording his conversations. Supposedly this was by a hack, 
but the specifics weren't revealed. If memory serves, it was revealed that 
they had the ability to turn on the microphone even if the phone was off.
It was either slashdot or digg which carried this as I recall.

The Feds had apparently determined that this was easier, and less risky, than 
actually bugging his premises.

But this is really kind of old news. This sort of thing was discussed on the 
cypherpunk list 10 years ago.

For Open Source cellphones, all you have to do is to make certain the 
microphone circuitry is designed correctly if you want to prevent this. I 
haven't followed the hardware design here to see to see whether the phone is 
vulnerable to such an attack. Perhaps some of the OpenMoko developers would 
care to comment.

But I can tell you that some of the designs from the Silicon Valley Homebrew
Club will be resistant against such attacks. As well as other attacks. Indeed,
the GSM library that I'm working on (at http://libgsmc.sourceforge.net) is 
specifically designed to be resistant to various attacks from a compromised 
GSM chip (be it lawful intercept or the usual buffer overflows).

Indeed, the main topic at our third gathering was about security, at which I 
gave a talk.

    -dwight-