[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The New Mykotronix phones...




Okay, let's suppose that the NSA/NIST/Mykotronix Registered
Key system becomes standard and I'm able to buy such a system
from my local radio shack. Every phone comes with a built in
chip and the government has the key to every phone call. 
I go and buy a phone and dutifully register the key. 

What's to prevent me from swapping phones with a friend or 
buying a used phone at a garage sale? Whooa. The secret registered
keys just became unsynchronized. When the government comes 
to listen in, they only receive gobbledly-gook because the 
secret key registered under my name isn't the right one. 

That leads me to conjecture that:

1) The system isn't that secure. There are just two master keys
that work for all the phones in the country. The part about
registering your keys is just bogus. 

or 

2) The system is vulnerable to simple phone swapping attacks
like this. Criminals will quickly figure this out and go to
town.

In either case, I think we need to look at this a bit deeper.

-Peter Wayner