Wednesday, June 27, 2007

Backdoors in CISCO devices and routers

Could Your VoIP Phone Be Tapped?

FBI: putting a backdoor in every router soon?

How nice. The FCC wants "a "back door" be built into all Internet-communications hardware and software to provide access for law enforcement agencies".

The FBI wants all future routing equipment manufactured to include backdoors for law enforcement. Like in CALEA, such back doors require no warrant to activate, and hence can be secretly enabled at will.

And there are reports that CISCO is already doing it with its routing equiptments.

So may be we can used the routers based on linux.... heres the link

These companies will be given 18 months time to comply and moreover the cost of this will be passed on to the consumers, we are paying for being able to spied upon us!!

EFF and a coalition of public interest, industry, and academic groups filed suit in 2005 challenging the Federal Communications Commission's (FCC) unjustified expansion of the Communications Assistance for Law Enforcement Act (CALEA). By forcing broadband Internet and interconnected voice over Internet Protocol (VoIP) services to become wiretap-friendly, the FCC ignored CALEA's plain language and threatened privacy, security, and innovation.

The FCC's final rule, issued on August 5, 2005, would extend CALEA to all Internet-based communications, according to EFF Chairman Brad Templeton, who spoke at Emerging Telephony Conference here, sponsored by O'Reilly Media. Once the FCC issues a final rule, vendors have 18 months to comply with it.

So guys we dont have any security over internet, we hav US Govt, NSA spying over it all the time.BEWARE..!!

The story starts long ago but for our purpose we can pickup the thread in 1998. Lets us just consider The United States: US companies wanting to export Network related equipment and software were restricted before that time by USA laws to only being able to export low (easily breakable) encryption products. Where as customers abroad demanded high encryption products. US government (read here National Security Agency i.e. NSA – the spy agency for USA) required that to be able to export high encryption products the product makers should either give a key (to be able to read all the encrypted information) to them or provide alternate means to be able to read this information. In a landmark deal which was agreed by 13 major manufacturers of hardware/software (these include: Ascend, Bay Networks, Cisco Systems, 3Com, Hewlett-Packard Company, Intel, Microsoft, Netscape Communications, Network Associates, Novell, RedCreek Communications, Secure Computing and Sun Microsystems) agreed to build in a private doorbell in the products they made which on a command from NSA – so to say, flicks a “network control switch”, that makes the product surreptitiously record everything you type or do online before it is encrypted (e.g. a Cisco router software begins to surreptitiously record everything you type or do online). That information is bundled into a file that can be sent or picked up by NSA. Please note this was solution arrived at in mid-1998. In last four years we don’t know what other means have been developed to collect the information at will by NSA.

1 comment:

Anonymous said...

would it help if i install dd-wrt on cisco routers?