GCHQ-developed Phone Security Contains Backdoor | Hacked: Hacking Finance
user

GCHQ-developed Phone Security Contains Backdoor

Introduction

Justin OConnell

Justin OConnell

Justin O'Connell is the founder of financial technology focused CryptographicAsset.com. Justin organized the launch of the largest Bitcoin ATM hardware and software provider in the world at the historical Hotel del Coronado in southern California. His works appear in the U.S.'s third largest weekly, the San Diego Reader, VICE and elsewhere.


LATEST POSTS

ICO Analysis: Agrello Self-Aware Contracts 14th July, 2017

ICO Analysis: Everex Capital Transfer System 11th July, 2017

Cybersecurity

GCHQ-developed Phone Security Contains Backdoor

Posted on .
This article was posted on Saturday, 03:34, UTC.

In recent months, we’ve learned governments believe there should exist backdoors in tech’s biggest products. We’ve also learned, recently, they’re no hypocrites: the UK government’s official voice encryption protocol has a glaring backdoor allowing security services to eavesdrop, according to new research. The UK government planned to build an assortment of products based on the technology, but this might be under review considering the findings of one cybersecurity expert.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

University College London cybersecurity expert, Dr Steven Murdoch, wrote a blog post regarding the MIKEY-SAKKE spec of the UK government’s phone security software, which he conjectures was designed to “allow undetectable and unauditable mass surveillance.” While Murdoch conjectures the backdoor was designed intentionally, this has not been confirmed, and could be an oversight by government developers.

According to Dr Murdoch, the “vast majority of cases” in which the technology would be used could be “actively harmful for security.” Thus, while using the technology, users could see their personal data and past conversations leaked to hackers.

“The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk, and an irresistible target for attackers,” Murdoch wrote.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

 The project stems from the Internet Engineering Task Force (IETF), a division of Britain’s Government Communication Headquarters (GCHQ),  in 2012, and celebrated by the government as featuring a  “number of desirable features, including simplex transmission, scalability, low-latency call setup, and support for secure deferred delivery”. The system was designed with “a desire to allow undetectable and unauditable mass surveillance.” How does it make users vulnerable? 

It creates a vulnerable single point of failure, which would require huge effort, skill and cost to secure – requiring resource beyond the capability of most companies.

Using the EFF’s security scorecard, Murdoch determined that MIKEY-SAKKE meets just one of the four key elements for protocol design. The manner in which the protocol incorporates encryption keys means a telecom provider could initiate a man-in-the-middle attack without victims knowing. Hackers could decrypt conversations over the network.

The UK’s Communications Electronics Security Group (CESG) has pushed a similar approach in recent months, incorporating such eavesdropping tech into a product called Secure Chorus. MIKEY-SAKKE does not effort to protect the identity of users, as the metadata provided by calls can link locations and identities. The backdoor can then allow a hacker to access past and present phone calls.

“Also calls which cross different network providers (e.g. between different companies) would be decrypted at a gateway computer, creating another location where calls could be eavesdropped,” Murdoch said. The design of the system’s crypto protocol means past calls can be decrypted. 

“While the GCHQ protocol was explicitly stated to support key escrow to facilitate law enforcement and intelligence agency access, this controversial aspect has not been included in the description of MIKEY-SAKKE and instead the efficiency over EDH is emphasised,” Murdoch states about the UK history of such espionage.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Justin OConnell

Justin OConnell

http://www.cryptographicasset.com

Justin O'Connell is the founder of financial technology focused CryptographicAsset.com. Justin organized the launch of the largest Bitcoin ATM hardware and software provider in the world at the historical Hotel del Coronado in southern California. His works appear in the U.S.'s third largest weekly, the San Diego Reader, VICE and elsewhere.

There are no comments.

View Comments (0) ...
Navigation
The team:
Dmitriy Lavrov
Analyst
Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
Jonas Borchgrevink
Founder
Jonas Borchgrevink is the founder of Hacked.com and CryptoCoinsNews.com. He is a serial entrepreneur, trader and investor. He shares his own personal journey on Hacked.com. // -- Discuss and ask Read More
Mate Csar
Analyst
Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
Mati Greenspan
Analyst
Senior Market Analyst at Etoro.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
Rakesh Upadhyay
Analyst
Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
Pamela Meropiali
Account Manager
Pamela Meropiali is responsible for users on Hacked.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
Joseph Young
Journalist
Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
Google wants to keep the Islamic State (Isis) off the internet…