back to article For fsck's SAKKE: GCHQ-built phone voice encryption has massive backdoor – researcher

The UK government's official voice encryption protocol, around which it is hoping to build an ecosystem of products, has a massive backdoor that would enable the security services to intercept and listen to all past and present calls, a researcher has discovered. Dr Steven Murdoch of University College London has posted an …

  1. btrower

    Need to up the cost

    As long as these weasels incur zero penalty for attempting to rip us off like this, they will continue trying. The solution is simple enough. Clarify the law and make it a criminal offense to attempt to disturb the commons like this.

    1. Anonymous Coward
      Anonymous Coward

      Re: Need to up the cost

      While reading this, it's easy to imagine hearing "Sieg Heil!" being yelled in the background.

      Scary.

    2. Wzrd1 Silver badge

      Re: Need to up the cost

      When I was with the US DoD, encryption keys were issued by DISA, save for certain communication keys, which came from the NSA.

      Isn't it handy to know that one's own government communications aren't being used against that government?

  2. Anonymous Coward
    Anonymous Coward

    VPN

    IPSEC and OpenVPN are long established VPN technologies. If you want encrypted voice, then use them (carefully.) You are more likely to be secure than rubbing snake oil on the blower.

    1. The Original Steve

      Re: VPN

      Voice over a VPN? Last thing you would ever want is RTCP being compressed and encrypted at such a low layer.

      You're not a SIP guy are you?! ;)

      1. Anonymous Coward
        Anonymous Coward

        Re: VPN

        Why you worried about RTCP being compressed, you don't even need it? RTP or SRTP maybe but RTCP? Really?

  3. a_yank_lurker

    Clueless

    What is puzzling is how many Western "intelligence" agencies want to drown in useless data. It seems like they all want slurp all communications without considering that 99.99..9% is absolutely not germain to terrorist or criminal activity even most of the communications by terrorists and criminals is going to be of the more mundane ordering a pizza for delivery type.

    1. GrumpyOldBloke

      Re: Clueless

      Not yet. Squeeze a little harder with the austerity packages. Wait until people are watching their children freeze or starve to death so that bank bond holders can be bailed out again and that 99% figure starts decreasing. The actions the government are taking now are for events a decade away.

      1. adnim

        @Grumpy Re: Clueless

        Some people are not old enough nor grumpy enough to see this.

        Have an up to counter the down.

    2. xeroks

      Re: Clueless

      Hmm, the article says the protocol clearly exposes the meta data. Storing and analysing this should be sufficient to prevent GCHQ from 'drowning in data' whisly remaining in the know about who to keep a closer eye on.

    3. P. Lee

      Re: Clueless

      >they all want slurp all communications without considering that 99.99..9% is absolutely not germain to terrorist or criminal activity

      You think that's what it's for?

      It is really for stopping things like the MP's expenses scandal, where those involved aren't really prepared to move to Russia to avoid being made to disappear.

      Terrorist attacks generally increase government support. What's not to like about that?

      1. Benchops

        Re: Clueless

        cat /dev/slurp | grep terraced

    4. Jimmy2Cows Silver badge
      Coat

      Not germane to terrorist or criminal activity...

      The God-damn Germans got nothin' to do with it!

      Where's Sheriff Buford T. Justice when you need him? Ah, here he is:

      https://www.youtube.com/watch?v=cyWVPHoFGJA

    5. Chris 244
      Pint

      Re: Pizza for delivery

      Guzman was busted after his lackeys ordered tacos for delivery. Dos cervesas frias por favor.

      http://www.telegraph.co.uk/news/worldnews/centralamericaandthecaribbean/mexico/12108746/Chapo-Guzmans-taco-order-led-police-to-his-door.html.

      1. Anonymous Blowhard

        Re: Pizza for delivery

        According to this he was arrested after ordinary people, the kind you piss off with mass surveillance, reported "armed people" in a nearby property; the rest seems to have been "proper police work" i.e. stake out the house and wait:

        https://en.wikipedia.org/wiki/Joaqu%C3%ADn_Guzm%C3%A1n#Third_capture:_2016

        Governments always seem to come up with spurious cases to justify mass data slurping, but the actual facts tend to dispute the bullshit.

    6. John Smith 19 Gold badge
      Gimp

      @a_yank_lurker

      "It seems like they all want slurp all communications without considering that 99.99..9% is absolutely not germain to terrorist or criminal activity "

      Oh dear. : (

      This has nothing to do with the story they tell their political "masters" to get funding.

      Data fetishists collect data because they believe more is always better.

      It's not a policy, it's a disease.

      1. Wzrd1 Silver badge

        Re: @a_yank_lurker

        Not at all, slurp all, catch some oversight politician having an affair that would be embarrassing and your budget is guaranteed forever.

        The NSA learned it from the CIA, who learned it from J Edgar Hoover's FBI, who set up the largest house of prostitution in D.C. Complete with tape recorders and cameras hidden behind the walls.

    7. fajensen
      Black Helicopters

      Re: Clueless

      .... absolutely not germain to terrorist or criminal activity ....

      Oh. Lets ask the question: What are the threats and opportunities faced by the "intelligence" services?

      Opportunities: Terrorism, organised crime, paedophiles .... politicians doing something they shouldn't

      Threats: Politicians with real clout finding out that the "intelligence" services isn't actually very intelligent or competent and consistently have missed pretty much *every* major world-changing event(!) resulting in budget cuts and dismissals.

      Solution: Spy on the politicians and the Civil Service, get some Dirt on Them before they do US.

      Bonus: While "intelligence" are all busy doing that, the "Opportunities" will grow all on their own.

      "They" actually wanted to engineer a pre-emptive attack on (at least) the Civil Service and Parliament, by pushing a back-doored "secure" communication protocol onto them disguised as "The most secure kit our boffins could come up with, Sir". Nice one.

  4. Will Godfrey Silver badge
    Facepalm

    If it walks like a duck...

    and quacks like a duck...

  5. Anonymous Coward
    Megaphone

    One!...More!!..TIME!!!...

    "such a significant backdoor, it is perhaps less surprising when you consider who developed the spec: the information security arm of the UK listening post GCHQ"

    Once again, I am compelled to point out that tasking sigint agencies with the additional responsibility of being their national cybersecurity champions contains a built-in paradox. The GCHQ (and the NSA) came into existence to penetrate communications, not secure them. The GCHQ's (and the NSA's) masters value intercepted data a lot more than protected data. The GCHQ's (and the NSA's) customers will be far more likely to ask "What have you intercepted today?" versus "How well did you protect XYZ's financial/healthcare/communications data today?" The GCHQ's (and the NSA's) overseas sigint partners would raise Hell with the agency's leadership if somebody at the GCHQ (or the NSA) actually did something that secured significant portions of national or international data traffic. People at the GCHQ (and the NSA) get recognition and promotions for providing new ways to compromise IT and telecoms security--not for finding new ways to secure it from compromise, especially when said compromise is often authored within house or by these overseas partners.

    The GCHQ's (and the NSA's) culture has fully absorbed these facts, and the chances of this agency actually generating REAL IT security are next to nil, as long as the real mission of the agency remains focused on "What did you get for me today?" versus "How did you protect our country's data and telecoms infrastructure today?"

    GET THESE AGENCIES OUT OF THE CYBERSECURITY BUSINESS!!!!

    1. Mark 85

      Re: One!...More!!..TIME!!!...

      While that's an excellent idea, the way things are now the implementation would put 2 agencies in direct opposition to each other and neither would do anything of note except squabble, blame each other for failures, and waste massive amounts of tax dollars. Come to think of it, we (the US) does have a cybersecurity military command that's pretty useless due to manpower.

      While I'm against blanket snooping, trolling, etc. I could see that this could be used WITH a subpoena much like a wire-tap back in the analog phone days. It would make massive slurps unnecessary and only allow the court (court, not a politician) to approve it. If the agencies had to pinpoint who they were listening to and justify it, then it might be a better use of their assets. As it is now, meh.... waste of time and money.. too much data, too little payback.

      If the pinpoint snooping (subpoenaed wire taps) were permitted, then maybe a cybersecurity agency would work if the agency could afford to hire decent people.

      1. asdf

        Re: One!...More!!..TIME!!!...

        >While I'm against blanket snooping, trolling, etc. I could see that this could be used WITH a subpoena

        You think the Russians care about a US or UK subpoena? Keep thinking only your countries Intel agencies will have access to any back door.

        1. John Smith 19 Gold badge

          asdf

          "You think the Russians care about a US or UK subpoena? Keep thinking only your countries Intel agencies will have access to any back door."

          Indeed.

          It's not the details of the backdoor that matter.

          It is the fact that a government mandated exists at all.

          And once enough back ground knowledge exist finding it won't be that hard.

      2. Anonymous Coward
        Unhappy

        Re: One!...More!!..TIME!!!...

        @Mark 85

        You just illustrated my point. Who runs (and funds) the inadequately resourced U.S. Cyber Command? The NSA--that's who. So you already have two agencies that are at odds, except that one of the agencies is directed by it's opposition and is therefore the red-headed stepchild that never gets anything done.

        In reality, the NSA's principal cybersecurity mission is to make sure that nothing prevents the NSA or it's overseas partners from penetrating worldwide data infrastructure on a practically at-will basis. In short, the mission is continued cyber-insecurity.

        1. Wzrd1 Silver badge

          Re: One!...More!!..TIME!!!...

          "The NSA--that's who. So you already have two agencies that are at odds, except that one of the agencies is directed by it's opposition and is therefore the red-headed stepchild that never gets anything done."

          Odd, when I drove past cybercommand every day back and forth from work, they seemed to be doing quite well for themselves. Regular deliveries, plenty of people coming and going and all quite happy when at the local fast food joint.

          Apparently, you've no military experience, so let me suggest that a division does not starve its brigades of funding, otherwise, it fails its missions every time.

          The NSA is part of the US DoD and its mission is primarily military.

      3. Anonymous Coward
        Anonymous Coward

        Re: One!...More!!..TIME!!!...

        Antagonistic processes are the way of life, checks and balances are built on them. Offices are full of them.

        The big issue that really annoys me, is that GCHQ staff are vetted by the NSA, so over time, they have been shaped. So a protocol with a hidden key escrow, is more likely to be hidden from Parliament than the NSA.

        So its concerning that they'd push that as 'Government grade'.

        I also think a lot of extra features on encryption are the problem to adoption. Encryption should be encryption, nothing else. Currently lots of the certs I'm getting are fake, a consequence of using a "C" word in a country under a "C" leader. I would have to accept the fake cert to allow send, because some idiot likes identification and encryption.

        1. nematoad

          Re: One!...More!!..TIME!!!...

          "So its concerning that they'd push that as 'Government grade'."

          Not at all. It fits the government's requirements exactly. That is, a bloody great hole in the system so that they can trawl through whatever they like, whenever they like.

          So it's fit for purpose. The only snag it is not your purpose they have designed this for, it's theirs.

          1. NotBob

            Re: One!...More!!..TIME!!!...

            So "Government grade" is the new "export grade"?

    2. JohnMurray

      Re: One!...More!!..TIME!!!...

      They seem, from this article and their actions, to not be in the cyber-security business.

      They seem to be in the cyber-INsecurity business.

    3. phuzz Silver badge

      Re: One!...More!!..TIME!!!...

      CESG is *supposed* to be a separate wing of GCHQ, which advises the rest of the government (and industry) on computer security. They're linked because being close to the people who break security for a living should give one insights into what the opposition are capable of.

      Perhaps it's about time CESG were spun out a bit further away from GCHQ, especially as they are presumably encouraging government departments to use MIKEY-SAKKE, which is counter-productive to say the least.

      It doesn't make much difference for the rest of us as most people won't use any encryption, and if you are, why the hell would you use and encryption scheme promoted by a government?

    4. Wzrd1 Silver badge

      Re: One!...More!!..TIME!!!...

      Actually, the NSA has always been tasked with electronic spying *and* securing US DoD traffic from snooping. It's why they hire the most mathematicians in the world, to crack codes and create difficult to impossible to crack code.

      Every bit of crypto kit I had, back when I was in the business of shooting and blowing people up, had NSA crypto keys. We knew that the NSA kept a copy and could listen in if something was amiss and we really didn't care.

      We *would* care if the NSA was snooping on Congress, as then, they'd be seen to be attempting to undermine their oversight.

      Our keys for network services, such as SSL and our CAC cards came from DISA, rather than the NSA and DISA retained a copy. That came in handy when one's encryption key was expired and replaced, as one could retrieve that key and decrypt old messages.

      Now, I can't speak on how the GCHQ does things on Landing Strip One, province of Oceania.

  6. batfastad

    WTF

    Regardless of the presence of a deliberate or accidental backdoor, do they actually think this would catch on? But... it's an RFC!

    I mean really, what a complete and utter waste of our money and a group of poor tossers' time.

  7. gollux

    Cure for that...

    Exploit it hard and exploit it often, make everything intercepted public.

    That way the playing field can be level instead of only of use for governmental and industrial espionage.

    1. JohnMurray

      Re: Cure for that...

      You forgot: make use of their product mandatory!

  8. Anonymous Coward
    Unhappy

    MIKEY-SAKKE PISSY-TAKKE

    (no text)

    1. yaxxbarl

      Re: MIKEY-SAKKE PISSY-TAKKE

      Surely MIKEY-TAKKE?

      I must admin there is much punning possibilities with this.

  9. Steve Knox

    "government-grade security"

    After considering the effectiveness of government in other areas, I see no contradiction here.

  10. JaitcH
    FAIL

    If this is "government-grade security."

    who can blame the Chinese, et al, for listening?

    The fact GCHQ even tried to fob this off illustrates how dumb GCHQ is and how bereft of ideas they are.

    And this is bleeding-edge cyberwarcraft?

    1. TonyJ

      Re: If this is "government-grade security."

      "...The fact GCHQ even tried to fob this off illustrates how dumb GCHQ is and how bereft of ideas they are..."

      Does it really though?

      Make a lot of noise at the front door whilst someone quietly slips through the back door when no one is paying attention springs to mind.

      In this case, hold up a broken protocol for the world to ridicule and laugh into your brandy whilst the world keeps using the others that they don't realise are broken.

      Or they could just be dumb :)

  11. Christian Berger

    They all have the same flaw...

    ... they require your VoIP provider to support this for you. They need to add additional code to allow you to use it. Plus they only work via current VoIP so whatever the next generation of networks will be, it won't work.

    It would be a lot smarter to use inband signalling of encryption. Essentially when you make a call, your user agents would use steganography to negotiate the cryptographic key, then they would alert you that the key has been established and encrypt your voice data. Since virtually all VoIP connections are bit transparent... even when going out to ISDN and increasingly GSM, this is very feasible. The additional benefit is that this would work regardless of what network you are connected to and it would work without your VoIP provider even knowing.

    There is no reason why intermediate points should even know about end to end security.

    1. Charles 9

      Re: They all have the same flaw...

      What's to stop a man in the middle from identifying and/or mangling the stego?

      1. John Robson Silver badge

        Re: They all have the same flaw...

        It's VoIP - That rather implies an IP connection, so why not use an out of band crypto key exchange?

      2. Christian Berger

        Re: They all have the same flaw...

        "What's to stop a man in the middle from identifying and/or mangling the stego?"

        That's a general problem of cryptography. Some people claim it can be solved by public key infrastructures... which has been proven to be wrong. Some people claim this can be solved by a web of trust... which has its own problems...

        So what can you do against "man in the middle"? Well maybe you can exchange some credentials previously by displaying a QR code on the screen, and scanning it with another phone. Or you could display some numeric/letter code during the phone call and ask the people to read it out loud. Faking that would mean faking the voice which adds another difficult step in the process.

        In any case, the idea behind this is that even bad crypto is better than no crypto, since it increases the effort from just sniffing to actually doing a man in the middle attack.

        1. Charles 9

          Re: They all have the same flaw...

          That still leaves the matter of the First Contact problem, where the parties have never met before. Plus, a resourceful adversary like a state can probably punch through an encrypted conversation almost as easily as an unencrypted one, making bad crypto worse than no crypto because it leads to a false sense of security.

    2. tom dial Silver badge

      Re: They all have the same flaw...

      " ... no reason why intermediate points should even know ... "

      In the US, federal law requires that telephone communications be tappable by law enforcement agencies under warrant. I suspect there is a similar law in the UK and most other countries and that partly explains the characteristics of MIKEY-SAKKE. That means, of course, that telephone communications also are tappable without a warrant; to do so merely violates the law.

      That was the reason for the Clipper chip and its key escrow arrangement. We pushed back against that twenty or so years ago, and it died from that as well as implementation flaws, leading to 20+ years in which the privacy and security of telephone calls was lower, and unlawful wiretapping, including by law enforcement authorities, was much easier.

      I occasionally have wondered what happened to PGPhone.

  12. agatum
    WTF?

    > The UK government's official voice encryption protocol, around which it is hoping to build an ecosystem of products

    Assuming 'product' refers to 'something we all want to use' like toothpaste or car: at the current state of affairs, who in their right mind would ever even consider using 'ecosystem of products' brought to you by one of the most draconian governments in the EU?

  13. JohnMurray

    Ooppss.......

    http://www.theregister.co.uk/2016/01/20/human_rights_court_rules_mass_surveillance_illegal/

  14. werdsmith Silver badge

    The system would also allow a third party to unencrypt past and future conversations.

    I knew they had some clever tech engineers there, but I thought time travel was beyond even them.

    Very impressive.

    1. Jemma

      Either that or King Arthur is the department manager...

    2. Whitter
      Joke

      Impressive powers

      I particularly liked "it does not allow for people to be anonymous or to verify the identity of the person they are talking to."

      Is it only me that isn't allowed to be anonymous then?

    3. TeeCee Gold badge
      Facepalm

      I think you'll find that the idea there is to make it obvious that the ability to decrypt is inherent in the standard and permanent. Changing keys/passwords/whatever won't shut the buggers[1] out.

      [1] In every sense.

  15. Anonymous Coward
    Anonymous Coward

    Turn it around

    This would allow one ISIS sympathiser in the company to eavesdrop on all past conversations of a target in order to plan better.

  16. smudge
    Big Brother

    Am I missing something?

    It's an encryption system for intra-Government use. Of course they're going to ensure that they can listen in. Why would anyone assume otherwise?

    From the RFC: "The Initiator and the Responder trust a third party, the KMS, which provisions them with key material by a secure mechanism."

    Now who do you think that will be?

    1. Yet Another Anonymous coward Silver badge

      Re: Am I missing something?

      Well if the history of Britain's security services is to be believed - probably the KGB

  17. Huns n Hoses

    Seeing as GCHQ built it, some of us would be surprised if there was no backdoor.

    1. TeeCee Gold badge
      Holmes

      My thoughts entirely.

      The most vociferous proponent of ensuring that there are backdoors in encryption protocols is building encryption protocols with backdoors in?

      Did the sun come up today as well?

    2. vmistery

      If no one had found one I'd just assume that they had hidden it well!

  18. KitD

    Signal

    > There is increasing demand for voicecall encryption. Unlike instant messaging, which effectively allowed companies to start from scratch and so has resulted in a number of highly secure products, phonecalls run over older infrastructure and almost always pass through telecom companies, usually in an unencrypted form (although the information may be encrypted while in transit).

    As I'm sure you're all aware, Signal from OpenWhisper Systems [1] is the best answer ATM, folks.

    Uses ZRTP which the table shows as ticking all the boxes. Integrates with existing phone/text functionality on your phone, but switches to secure version automatically if the other user is also using Signal.

    IME, it just works.

    [1] - https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_GB

    - https://itunes.apple.com/gb/app/signal-private-messenger/id874139669?mt=8

  19. GrumpyOldMan

    Same old, same old...

    Amazes me everyone sounds surprised. Par for the course now isn't it? I just assume I'm being spied on 99.99 of the time. And I'm not sure about the other 0.01%. Dunno why. My life is pretty dull at the moment.

  20. charlie-charlie-tango-alpha
    Black Helicopters

    of course it will work

    Anyone remember PGP for HMG? Now that went down well.

  21. Stevie

    Bah!

    Well stap me vitals! This is a turn up for the books. I never saw that coming.

  22. Luke Worm
    Happy

    "Government-grade security"

    I just love the real meaning of this phrase. Can't stop laughing ...

  23. Anonymous Coward
    Anonymous Coward

    Imagine...

    Just imagine if the Government found out, that they could just kill everyone and if they did, nobody would oppose their rule anymore... Surely they'd consider it.

  24. John Smith 19 Gold badge
    FAIL

    In all seriousness what will the UKG *really* be using for it's voice calls?

    Because it surely can't be this PoS.

    I note that the Joint Speech Research Unit (part of the GPO IIRC but bound to have links to GCHQ) was doing voice over 2400bps in the 1950s

    I would not underestimate their technical skills.

    However what they are applied to is down to their PHB's.

    It's the difference between British soldiers and the MoD.

    One group is highly professional and focused, and the other group tells them what to do.

  25. Badvok
    Pirate

    MIKEY-SAKKE are they TAKKING THE MIKEY?

    See title.

  26. staringatclouds

    OK, this means that mobile phone makers will end up making 2 models, a UK model with the gaping back door in security and one for rest of the world with proper security.

    So the UK mobile phone market will die on it's feet as people who actually care about security, businesses and so on, import phones from abroad.

  27. Anonymous Coward
    Anonymous Coward

    Backdoor? Frontdoor?

    Isn't it more of a frontdoor as it's clearly stated in the part of the publicly available spec?

    It's mandated for VOIP carrying classified calls but apart from that no one else has to use this unless they want the decrypt-users-calls "feature".

    Not saying it hasn't got issues/I'd want it, but just saying.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like