Faith-based security, the case of the fax
Recently I was surprised by a comment made by an anonymous reviewer on the security of various methods for information exchange, where he or she noted that the approach mentioned “would not offer the same properties as a fax in terms of confidentiality.”
This begs the question “what confidentiality properties, if any, does a fax offer,” and as we shall see below, the answer is rather scary.
But first, why bother with fax at all, isn’t it a forgotten technology? Actually, despite the near ubiquitous use of electronic communications in most areas of our life, there are still some corners where old-style communications are used extensively for the exchange of documents. For various, mainly legal, reasons, the fax is considered the safest technology for the exchange of sensitive information in sectors such as healthcare and the legal industry.
So why are people still relying on faxes, when alternate means of communication such as email, cloud storage, etc. may be used instead? Apart from the “force of habit” argument, there are legal grounds (in some cases the fax is considered a legal electronic document) as well as the perception that fax is more secure than commonly used alternatives.
For this reason, medical personnel will often resist sending patient data over email, but use fax instead, even though the limitations of this technology make it much harder for them to do their job. To make matters worse, fax machines are no longer ubiquitous, and as they break down, most people just throw them away, which means that the network effect now works in reverse.
But is fax really trustworthy? Actually not. Fax sends digitized, but not encrypted, information over the telephony network, which means that any security properties it has are inherited from the telephony network. However, it is well known that malicious parties with the available technology can eavesdrop on telephone calls, impersonate senders, even fool the telephony network into sending a fax to a number other than the intended one [Cellusys15].
Illegal intercept techniques exist at every level of the telephony hierarchy, starting from the last mile, all the way to signaling between telecommunication provider networks. In the next paragraphs we look at vulnerabilities that exist at each level and the effort it would take to exploit them.
Low-tech eavesdropping solutions also exist in the form of the old-style device connected via crocodile clips to the telephone line. Of course, advances in technology allow the old tape recorder to be replaced by a single-board computer that decodes the digital stream and saves the data (voice, fax, signaling) on a flash card for later retrieval.
Telephone Exchange level
The 2006 Vodafone wiretaps article in IEEE Spectrum [PrevSpin06] described an attack that installed rootkits in a number of telephone exchanges, allowing the eavesdroppers to listen in on conversations over cell-phones. However, since the attackers targeted telephone exchanges, there is nothing to prevent the same method being used to eavesdrop on fixed telephony networks. The malware installed as part of the rootkit included a list of numbers to be monitored and the numbers of cell-phones that would be used for the wiretapping. When a monitored number received a phone call or initiated a call, the malware would set up a 3-way conference call between the two communicating parties and one of the cell-phones of the eavesdroppers.
The companies who operate the telephone exchanges can also program them in the same way to monitor calls. Fax transmissions are extremely easy to identify on a massive scale, allowing an operator to obtain copies of every fax sent via its network. Obviously this is against the law in most, if not all, countries, but governments can force the operators to carry out the illegal wiretapping without letting anybody know.
Experience with the Patriot Act in the US shows how this can be done even in fairly open societies. Secret courts would issue subpoenas allowing the wiretaps, but neither the subpoenas themselves, nor the court proceedings were subject to public scrutiny. In addition, through a loophole in the wiretapping law, NSA personnel in cooperation with AT&T and MCI personnel were tapping, without warrants, the network fibers that linked the US with the outside world. In this case the scale and the extent of the operation imply that only state-level actors can carry out this type of monitoring, but there is still the opportunity for a more targeted surveillance that targets an organization or a set of individuals with very low likelihood of discovery, since the entire configuration to allow the wiretapping is in software.
Attacks on the SS7 signaling
In the days when there were only a few telecommunications providers in the world, the interconnection between their networks was done in an orderly fashion with everybody working together to ensure the smooth running of the global telephone network. However, the proliferation of all kinds of providers (even ones without a physical network) and the ease with which telephone numbers can move from one operator to another has made management of the inter-network requests a source of security concerns. According to the Washington Post, December 18, 2014:
“German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, […] are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.”
The SS7 signaling protocols allow one telecommunications exchange to talk to its peers and arrange for the setup of both voice and data calls in both a local and global setting. The issue with SS7 is that when it was designed back in the early 80s, security was not an issue because it was assumed that the protocol would be used within a “walled garden” provided by a closed industry [Lore02]. In addition, the cost of joining the SS7 network was tremendously high, further strengthening the position of the SS7 as a reliable and trustworthy protocol. However, the proliferation of mobile telephony and the resultant mobility of telephone numbers (while in the 70s, the number prefix would nail down the general location of the telephone it belonged to, by the late 90s, a US number could be calling from Japan via roaming) necessitated the introduction of dynamic lookup protocols, such as MAP and CAP. The problems are not restricted to mobile handsets, as “fixed” numbers may also move around from provider to provider, even to VoIP (Voice Over IP, a fairly recent protocol that allows traditional telephony over Internet Protocols) so that a typical Brooklyn telephone number may actually ring in China. A report by the US Department of Homeland Security [DHS17] warns that “similar SS7 vulnerabilities exist with ‘landline’ phones.” To make matters worse, the barrier-to-entry is getting lower almost daily. By 2019, a hacker investing US$150–$2500, “could gain unauthorized access to the SS7 network and exploit cellular vulnerabilities without requiring any infrastructure at all” [ITU20].
One of the SS7 vulnerabilities that affect fax security is the ability of an unauthorized party to redirect a dialed number to another. In this way the fax to your bank can be delivered to another fax. The recipient may then copy or modify the fax and forward it to the correct number, thus violating the confidentiality property of the fax transmission. The Cellusys report provides detailed analyses of these vulnerabilities and how they may be used to implement specific attacks [Cellusys15].
Note that since faxes are essentially 1-bit digital documents (each dot may be either white or black, not gray), faking faxed documents is particularly easy as shading algorithms cannot be used on 1-bit images. Artifacts such as stripes, repeated or missing lines, may also be used to cover touch-up errors.
Another vulnerability is that the “caller-id” field in the call setup frame may also be manipulated, allowing a call to appear to originate from a known telephone number, when, in fact, it is originated from some random number. In this way, a fax may also appear to be coming from the correct number. This violates the non-repudiation property since the sender may claim that she never sent the fax, and from the data produced from the receiving fax machine we cannot tell for sure.
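The two problems above (a fax modified by an intermediary, and a caller-ID that only appears correct) can be seen side by side in this added example, which is not part of the original article: a receiver that trusts the presented number accepts everything, while a check bound to the page bits does not. The key, phone number, page bytes and the `tag` field are constructed assumptions; fax itself carries no such tag.

```python
import hashlib
import hmac
from dataclasses import dataclass

# All values below are constructed for illustration.
SHARED_KEY = b"demo-key-agreed-out-of-band"
EXPECTED_SENDER = "+15550100"

@dataclass
class ReceivedFax:
    caller_id: str  # from call setup signaling, which can be manipulated
    page: bytes     # 1-bit-per-dot bitmap as decoded by the receiving machine
    tag: bytes      # hypothetical MAC delivered with the document

def make_tag(key: bytes, sender: str, page: bytes) -> bytes:
    # Length-prefix the sender so (sender, page) cannot be re-split ambiguously.
    s = sender.encode()
    return hmac.new(key, len(s).to_bytes(2, "big") + s + page, hashlib.sha256).digest()

def accept_by_caller_id(fax: ReceivedFax) -> bool:
    # Faith-based check: trusts whatever number the network presented.
    return fax.caller_id == EXPECTED_SENDER

def accept_by_mac(fax: ReceivedFax, key: bytes = SHARED_KEY) -> bool:
    # Evidence-based check: the tag must match the exact page bits received.
    return hmac.compare_digest(make_tag(key, fax.caller_id, fax.page), fax.tag)

PAGE = bytes([0b11110000, 0b00111100, 0b00001111])  # three rows of 8 dots
GENUINE = ReceivedFax(EXPECTED_SENDER, PAGE, make_tag(SHARED_KEY, EXPECTED_SENDER, PAGE))

# Page altered in transit (one dot changed), forwarded with the original tag
# and the expected number shown as caller-ID.
ALTERED = ReceivedFax(EXPECTED_SENDER, bytes([PAGE[0] ^ 0b00010000]) + PAGE[1:], GENUINE.tag)

# Page from a party without the key, presenting the expected number.
IMPERSONATED = ReceivedFax(EXPECTED_SENDER, PAGE, make_tag(b"wrong-key", EXPECTED_SENDER, PAGE))

def results() -> dict:
    cases = {"genuine": GENUINE, "altered": ALTERED, "impersonated": IMPERSONATED}
    return {n: (accept_by_caller_id(f), accept_by_mac(f)) for n, f in cases.items()}

if __name__ == "__main__":
    for name, (by_number, by_mac) in results().items():
        print(f"{name:13s} caller-ID check: {by_number}  MAC check: {by_mac}")
```

A MAC does nothing for confidentiality (an unmodified copy taken in transit still verifies), and because both parties hold the same key it does not provide non-repudiation.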
SS7 vulnerabilities also include the ability to intercept SMS and other data transmissions, making the use of SMS as part of a two-level authentication questionable. This is highlighted in a 2020 ITU report on the effect of SS7 vulnerabilities on financial transactions [ITU20].
Why are the telecom providers not doing anything to prevent such attacks? A 2018 report by ENISA indicates that beyond basic mitigation, 75% of the providers responded that “complexity and cost are blocking the implementation of advanced signaling protection.” [ENISA18]. In other words, they will only do it if forced to do so by law.
Finally, I will briefly mention VoIP which opens its own can of worms as it allows telephone calls (and fax, of course) to be sent over IP without any encryption. Nowadays, most home gateways include 1 or 2 sockets for traditional analog phones, so that the home telephone, or fax, is not connected directly to the telephone exchange, but via IP to some remote VoIP telephone exchange. Again, describing VoIP vulnerabilities will be left for a future blog posting, as the subject is indeed quite broad.
Back to our infamous fax. Security cannot be based on belief (as in “I believe a fax transmission is secure, therefore it is”), but on facts. To make matters worse, it is easier to prove something is insecure, by showing ways it can be broken, than proving that something is secure. Convenience may be a factor, but again convenience is not security – quite the opposite, security often makes things more difficult (like convincing a new Mac to run an application downloaded from the Internet).
So, whatever your doctor or lawyer tells you, you must be aware that sending confidential information via fax is no more secure than sending it by post using an unsealed envelope.
[DHS17] DHS, “DHS Study on Mobile Device Security”, Department of Homeland Security, April 2017
[ITU20] ITU_SIT_WG Technical report on the SS7 vulnerabilities and their impact on DFS transactions, ITU, 2020
[ENISA18] ENISA, “Signaling Security in Telecom SS7/Diameter/5G – EU level assessment of the current situation,” March 2018, ISBN: 978-92-9204-252-3
[Lore02] Lorenz, J. Keller, G. Manes, J. Hale, S. Shenoi, “Public Telephone Network Vulnerabilities” M. S. Olivier et al. (eds.), Database and Application Security XV, pp 151-164.
[Cellusys15] Cellusys, “SS7 Vulnerabilities”
[PrevSpin06] V. Prevelakis, D. Spinellis, “The Athens Affair,” IEEE Spectrum, 44(7), pp. 26-33, July 2007.
(By Vassilis Prevelakis, TU Braunschweig)