Discussion:
Can ATT TSD 3600-E Be Made More Secure?
(too old to reply)
W
2015-07-17 14:43:40 UTC
Permalink
The ATT TSD 3600-E is a box that goes between a handset and the telephone on
a normal land line phone. Over the analog phone network, it can establish
"secure" calls when each party to the call presses a secure button on the
box. Apparently this device uses the failed "Clipper Chip" so in fact it
has questionable security. However, a researcher "cracked" the Clipper
Chip and showed how you could make the device much more secure. The
3600-E is being sold at $50/unit because no one believes it is secure.
Does anyone know if there is an easy to use way to implement the change that
makes the device secure?

My application for this is talking to an aunt whose local phone switch is
apparently tapped into by hackers. Every time I am on the phone with her
some guy comes on the line and starts harassing her or drops the call. I
am so annoyed by this and I just want a simple way to lock the idiot out of
the call.
--
W
Doug McIntyre
2015-07-18 15:08:05 UTC
Permalink
Post by W
The ATT TSD 3600-E is a box that goes between a handset and the telephone on
a normal land line phone. Over the analog phone network, it can establish
"secure" calls when each party to the call presses a secure button on the
box. Apparently this device uses the failed "Clipper Chip" so in fact it
has questionable security. However, a researcher "cracked" the Clipper
Chip and showed how you could make the device much more secure. The
3600-E is being sold at $50/unit because no one believes it is secure.
Does anyone know if there is an easy to use way to implement the change that
makes the device secure?
No, they are cheap because they are obsolete. I assume the this paper
is to what you refer..

Matt Blaze, Protocol Failure in the Escrowed Encryption Standard

Which "more secure" means that he was able to disable the key escrow,
and create a hash collision for the firmware to load his patched
firmware into the device. It is doubtful that this info was published
or distributed further than the researcher.

Almost certainly, there is no procedure for anybody but the NSA
archives that could thoritically even get key escrow for these
devices, and even then, if you are worried about the NSA investigating you,
you'd want to worry about a whole lot more in your life than your
telephone calls to your Aunt.
Post by W
My application for this is talking to an aunt whose local phone switch is
apparently tapped into by hackers. Every time I am on the phone with her
some guy comes on the line and starts harassing her or drops the call. I
am so annoyed by this and I just want a simple way to lock the idiot out of
the call.
OOTH, it is highly doubtful anybody has hacked your Aunt's CO. A much
more likely scenario is her line pair has an "off-by-one" punch with
somebody else, causing cross-talk with somebody else nearby. Or the
insulation in the wire running through the neighborhood has degraded
causing a cross-talk situation with another subscriber. And that
subscriber is a jerk.

Having her call in a repair ticket that her line is having cross-talk
with another should probably get the phone company maybe to look at it.
--
Doug McIntyre
***@themcintyres.us
W
2015-07-19 09:26:23 UTC
Permalink
Post by Doug McIntyre
Post by W
The ATT TSD 3600-E is a box that goes between a handset and the telephone on
a normal land line phone. Over the analog phone network, it can establish
"secure" calls when each party to the call presses a secure button on the
box. Apparently this device uses the failed "Clipper Chip" so in fact it
has questionable security. However, a researcher "cracked" the Clipper
Chip and showed how you could make the device much more secure. The
3600-E is being sold at $50/unit because no one believes it is secure.
Does anyone know if there is an easy to use way to implement the change that
makes the device secure?
No, they are cheap because they are obsolete. I assume the this paper
is to what you refer..
Matt Blaze, Protocol Failure in the Escrowed Encryption Standard
Which "more secure" means that he was able to disable the key escrow,
and create a hash collision for the firmware to load his patched
firmware into the device. It is doubtful that this info was published
or distributed further than the researcher.
Almost certainly, there is no procedure for anybody but the NSA
archives that could thoritically even get key escrow for these
devices, and even then, if you are worried about the NSA investigating you,
you'd want to worry about a whole lot more in your life than your
telephone calls to your Aunt.
You make a good point, but based on this maybe the 3600 E - with its
security flaws intact - is still a fine tool for such a simple application?
Unlikely anyone is going to invest the time to hack you unless you have high
value information. Probably only the government can get access to the
call, and as you say if you are trying to avoid the government you have
bigger problems.

--
W
Doug McIntyre
2015-07-19 16:16:19 UTC
Permalink
Post by W
You make a good point, but based on this maybe the 3600 E - with its
security flaws intact - is still a fine tool for such a simple application?
Unlikely anyone is going to invest the time to hack you unless you have high
value information. Probably only the government can get access to the
call, and as you say if you are trying to avoid the government you have
bigger problems.
I would think so. While Clipper had its' flaws, it still does
encryption. And general joe public isn't going to be able to undo it,
the obsecurity now puts its' escrow keys pretty distant into a realm
where most wouldn't worry about it.

Certainly not nosy neighbor jerk who is accidently cross-connected to
your Aunt's phone line.
--
Doug McIntyre
***@themcintyres.us
Loading...