
DOCSIS Security Illegal Wiretapping and Eavesdropping


Wiretapping has Evolved

Before electronic eavesdropping there was just wiretapping.  When you think of wiretapping you may think of a guy in a box truck or apartment eating donuts with pizza, listening in on endlessly boring phone conversations and waiting to hear that one "Eureka" moment of important information.  The movie Casino comes to mind too: the scene where Sam and Nicky have their wives talk on the phone first and then take the conversation over in timed intervals so that they can speak.

So what is wiretapping?  It is usually covert monitoring of phone and internet conversations / transmissions by a third party. Nowadays they do not wiretap like they used to.  Back in the electronic stone ages (over 10 years ago) the monitoring connection was an actual electrical tap on the telephone line. Legal wiretapping is also called lawful interception under the Communications Assistance for Law Enforcement Act, commonly referred to as CALEA.

Electronic eavesdropping is the use of an electronic transmitting or recording device to monitor conversations without the consent of the parties. Although many types of conversations may be subject to electronic eavesdropping, this post deals only with eavesdropping or wiretapping on broadband VoIP and VoIP in the digital home. There are countless laws on wiretapping and eavesdropping, too many to list and get into for this post.

Although relatively few legal wiretaps are authorized in the United States each year, improvements in technology have made it easier to illegally wiretap, record and eavesdrop on broadband conversations. Everyone should be concerned about this.  From businesses to government, from politicians to individuals in legal disputes and even students, everyone may have reason to be concerned about wiretapping and electronic eavesdropping.

Just as cable modems can be cloned, embedded multimedia terminal adapters (eMTAs) that enable VoIP over DOCSIS networks have reportedly been cloned - perfect clones to be specific, with BPI+ certificates.  This creates two significant concerns.  1)  The cloner can make and receive calls as if they were the original subscriber.  2)  The cloner can illegally monitor (or wiretap) the unsuspecting subscriber.  A lot must go wrong in order for this scenario to occur given the security measures in PacketCable; however, I have worked with a client on this issue and have observed countless forums where hackers discuss having accomplished similar activity, primarily to see if they could do it.  This is an example of cable operators not fully understanding how to implement proper security in DOCSIS and VoIP networks.

Next up are the countless holes in what we have come to know as the digital home.  The digital home consists of the termination of DOCSIS and all that subscribers do with DOCSIS data, video, VoIP and more.  Wireless (WiFi) networks play a big part in most digital homes.  Many cable modems now have integrated WiFi adapters which include a router and DHCP server.  Many subscribers do not recognize the importance of WiFi encryption or the ease with which a WiFi router can be compromised.

As technologies emerge so do technologies on how to eavesdrop.  Typically, illegal Internet wiretapping or eavesdropping can be conducted via a WiFi connection to someone's internet by cracking the WEP or WPA key, using a tool such as Aircrack-ng or Kismet. Once in, the intruder will rely on a number of potential tactics, for example an ARP spoofing attack, which will allow the intruder to view packets in a tool such as Wireshark or Ettercap.  The VoIP activity that is subject to eavesdropping is those conversations which are typically PC originated, which are more frequently being terminated in cell phones or land line calls.  On WiFi networks there are some simple steps which must be implemented by the home owner and/or the installation tech, if provided by the cable operator, as follows:

  1. Change the default login and password
  2. Make all passwords secure (8 or more characters, at least one uppercase character and one digit)
  3. Change the default wireless SSID (i.e. linksys) to something random
  4. Enable WPA or WPA2 encryption and setup a secure password
  5. For better performance, change the WiFi channel from the default channel 6 to channel 1 or 11
    1. If the WiFi device has an auto-channel scan, let it do its scanning to find an open channel
    2. If you have a phone app, scan for an open channel
  6. Make certain to give the WiFi password to the home owner before you leave
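
The checklist keeps an intruder off the WiFi; a way to check whether the ARP spoofing mentioned above is already under way on a home LAN is to compare neighbor-table snapshots. This is an added example, not part of the original post: it parses Linux `ip neigh show` output, and the addresses, MACs and interface name in the samples are constructed.

```python
import re

# One line of `ip neigh show`, e.g.
# "192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE"
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\s+(?P<state>\S+)"
)

def parse_neigh(text):
    """Return {ip: mac}; entries without a resolved MAC are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m and m["state"] not in ("FAILED", "INCOMPLETE"):
            table[m["ip"]] = m["mac"].lower()
    return table

def arp_spoof_findings(before, after, gateway_ip):
    """Compare two snapshots and report signs of ARP cache poisoning."""
    old, new = parse_neigh(before), parse_neigh(after)
    findings = []
    # Sign 1: the default gateway is suddenly reached at a different MAC.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        findings.append(("gateway_mac_changed", old[gateway_ip], new[gateway_ip]))
    # Sign 2: one MAC answers for several IPs (the spoofer's own IP plus
    # the addresses it is impersonating).
    by_mac = {}
    for ip, mac in new.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac_claims_multiple_ips", mac, sorted(ips)))
    return findings

# Constructed snapshots: in AFTER the host at .23 has taken over the gateway IP.
BEFORE = """192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.40 dev wlan0  INCOMPLETE"""
AFTER = """192.168.1.1 dev wlan0 lladdr 66:77:88:99:AA:BB REACHABLE
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb STALE"""

if __name__ == "__main__":
    for finding in arp_spoof_findings(BEFORE, AFTER, "192.168.1.1"):
        print(finding)
```

A device that legitimately holds several addresses will also trigger the second check, so treat that finding as a prompt to look closer, while a changed gateway MAC with no router swap is the stronger signal.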

So in summary, broadband networks need to address these security concerns to the best standards available on the market.  An operator would not want to be pulled into an ugly divorce where "party A" eavesdropped on "party B" via an open unsecured network, where perhaps information gathered via this eavesdropping or wiretapping causes financial and/or, worse, physical harm to a party.  Welcome the government and lawyers into your future.

One final item should be mentioned. Often VoIP impairments require that an operator hear the impairment in order to gain an understanding of the problem.  This is usually done by making a test call on the impaired line.  Cable operators should be aware that listening to subscriber traffic using applications such as Wireshark for troubleshooting, even with the best intentions, could be opening themselves up to criminal prosecution for illegal wiretapping.  Test equipment does exist that will analyze call quality without permitting a user to hear subscriber voice traffic, thus eliminating any risk of violating federal laws.


Mr. Volpe has over 25 years of communications industry experience. He is focused on the cable and telecom industry with deep technical and business skills. Mr. Volpe is currently the president and chief technologist of the Volpe Firm and holds an MSEE with honors.
