Profile picture
Matthew Green @matthew_d_green
, 12 tweets, 3 min read Read on Twitter
I was puzzling about the news story re: spies listening in on Trump phone calls, and in searching for the cellular protocols I found this old blog post I wrote. blog.cryptographyengineering.com/2013/05/14/a-f…
The TL;DR is that there are a ton of active attacks on cellular protocols like GSM (in which someone poses as a tower). But it’s hard to imagine China and Russia doing these and not being caught or jammed by the secret service or the FBI.
If they’re not running active attacks then that leaves some attack on the phone company infrastructure (not a wireless attack) or some passive decryption attack on the wireless signal.
Who can say about the former. The latter would depend on (1) some really bad crypto, (2) a theft of keys from a SIM or SIM card manufacturer, (3) unauthorized access to the cellular provider or nearby towers.
Hacking keys out of a tower seems like it could be possible. I’m sure the FBI et al. try to stop this kind of thing, but I’m not convinced that they’re going to succeed unless they control the hardware. The tower (SN/VLR) does have everything.
The other possibility is that someone really screwed up the crypto. And looking at this one (possibly not adopted!) proposal for deriving cellular encryption keys, that’s not totally impossible. This is nuts.
Anyway. This all makes me nostalgic for the days when all we had to worry about was the NSA spying on everyone. I like this new world a lot less.
Related: politico.com/story/2017/10/…
Another good thread by @alexstamos on what might be happening with Trump’s phone.
Ok, the last thing I want to say about this Trump cell-phone interception story...
A few years ago a USG official asked a Microsoft rep why it mattered that consumer devices have strong encryption.

His reply: there’s no such thing as a “consumer device”. Our high-sensitivity customers (CEOs, politicians) use the same devices as everyone else.
Now the President of the United States is putting his security, and maybe the security of the country, at the mercy of a bunch of crummy “consumer grade” telecom security protocols. Couldn’t be a better illustration of the phenomenon.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Matthew Green
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @matthew_d_green see all

Profile picture
The Facebook stablecoin (if it works, scales, gets deployed and adopted by non-Facebook companies, doesn’t get regulated into dust) is going to be a massive game-changer for the financial services industry. Fight me.
Hell, even if Facebook is able to make a credible run at deploying the thing, it will give them huge leverage with their banking relationships. No more closed (to FB) instant networks like Zelle, reduced transaction fees, etc.
Summary of the comments: (1) a bunch of people seem to think asset-backed stablecoins won’t be allowed by regulators, or that people won’t use/trust them. That horse has already bolted. google.com/amp/s/www.coin…
Read 5 tweets
Profile picture
The theory, for what it’s worth, was that the big brand name services would behave better than the fly-by-night shady data brokers. Much as CVS is perceived as less likely to put Fentanyl into your medicine than, say, the drug dealer on the corner.
The sole redeeming feature of the centralization of the web was supposed to be improved data handling. Better security and oversight of partners (like ad networks etc.) Instead we got Facebook treating your data the way a teenager treats a house when the parents go out of town.
The Facebooks and Googles would do this voluntarily, in part because it’s smart business — don’t give away the store. But mostly because it’s way easier for governments to target them with punitive regulations.
Read 4 tweets
Profile picture
@LargeCardinal The group messaging mechanism is very different. In Signal (app) group messages are layered on top of the existing pairwise messaging system. To add a new user, you (an existing user) have to send encrypted control messages to each existing user. The server can’t do this.
@LargeCardinal In fact, the Signal server doesn’t even know what a group message is. As far as it’s concerned, when I send a message to a group of N people, it just looks like I’m sending a bunch of pairwise messages at the same time.
@LargeCardinal In WhatsApp (as of a few months ago) the server knows what group messages are. It actually sends special control (add/remove) requests to the members of the group, and it handles multiplexing group messages to all of the other users.
Read 4 tweets

Related threads

Profile picture
Who funds the IEA, the TPA, the ASI &co?
You know, the RW 'free trade' thick tanks advocating tax havens, "freedom" (no regulations like workers' rights or environmental protection), no welfare (no tax & no free healthcare).
Basically, "Only the wealthier survive" philosophy?
1/n
*Could it be* that it has something to do with defending their funders' interests?
Today, I'm going to tell you the Thick Tanks' Hydra tale.
Featuring Atlas, huge piles of money, tradition, "free speech", useful idiots and a very clear agenda that Brexit/Trump are a part of.
2/n
Take a seat: It's a long story, with a lot of players, including politicians, pretty ladies squatting your TV, the climate change denial's network, the global fascist movement, Silicon Valley/multiname data-stealing/misusing company & private companies' involved in elections.
3/n
Read 249 tweets
Profile picture
Trump: Day 657
-Installs Loyalist 2 Oversee Probe
-Meeting w/ Putin on #VeteransDay
-W.H. Posts Doctored Acosta Video
-12 Killed in 307th Mass Shooting
-Denied by Courts From Ending DACA
-NoKo Cancels Meeting with Pompeo
-#ProtectMueller Rallies Nationwide
Add...
Day 762 since Donald Trump admitted to sexual assault — yet he’s still in the Oval Office
Add...
Day 613 of NO EVIDENCE produced by Trump that his phones were tapped by Obama.

The FISA warrant Trump referenced targeted Carter Page. #TrumpLies
Read 71 tweets
Profile picture
Russia and Iran are engaged in disinformation campaigns aimed at US citizens. Twitter just released over 10 million tweets from over 4500 Russian and Iranian accounts engaged in influence operations dating back to 2009. We've analyzed the data. Here's what you need to know...
Russia's influence operations are far-reaching, aimed at a number of countries. This, of course, includes ops aimed at US voters in 2016, but also includes their own people. 58 Russian-language accounts tweeted regional "news" related to Crimea, Syria, and other military action.
44 US-directed local "news" accounts amassed over half a million followers. By using local-sounding news source names, they were able to dupe Americans from *other* regions to share what they thought was authentic news.
Read 15 tweets
Profile picture
THREAD

#Trump #SaudiArabia #BinLaden #Russia
1.#Trump was involved with #SaudiArabia early on, since at least the 1990´s,
In 1991 #Saudi Prince Alwaleed bin Talal purchased #Trump’s yacht, #Trump Princess

#Trump #SaudiArabia #BinLaden #Russia

buzzfeednews.com/article/andrew…
2.#Trump was forced to either surrender it to creditors or sell it because he was roughly $900 million in debt

#Trump #SaudiArabia #BinLaden #Russia

nytimes.com/1991/12/31/bus…
Read 19 tweets
Profile picture
THREAD

#Trump #Russia #HumanTrafficking #Prostitution #Conspiracy
1.A not revealed story pertaining to the @Comey letter is that public evidence prove that #Prince #Giuliani and #Trump conspired to "Lean" on #Comey to reopen the investigation into Hillary

#Trump #Russia #HumanTrafficking #Prostitution #Conspiracy

huffingtonpost.com/entry/the-dome…
2.#Prince, #Giuliani, and #Trump conspired to lean and intimidate @Comey

#Trump #Russia #HumanTrafficking #Prostitution #Conspiracy

Read 72 tweets
Profile picture
Trump Hotels' website still lists Trump SoHo New York among its properties in the Our Hotels menu. Select its name though to access its page and there's a message about it being renamed

bit.ly/2EPCSy1
National politics correspondent for Newsweek, Nina Burleigh, with a fun find on a TV above the bar at the Trump Hotel DC bit.ly/2E37QRR
Two errors in the 2nd graf of Breitbart's Trump Hotel DC article:
-holdings aren't out of @realDonaldTrump's hands: trust isn't blind & he can profit from it
-Trump Org told Congress it was estimating foreign receipts—not auto donating in full
bit.ly/2CpL7z2
Read 1562 tweets

Trending hashtags

#corporatelaw #UK #Yanukovych #Bannon #Libdems #whitehousetalk2018 #Rogue #Colombia #Epsteins #Olympics #CapitalGazzette #Consulate #Charitylaw #PearlHarbor #news #Dowd #Gazprom #VoteLeaveBrokeTheLaw #Firtash #bbcr4 #AWFDY #potus #Khashoggi #MSM #legalaid

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!