jbn@glacier.stanford.edu (John B. Nagle) (12/30/88)
Last week I wrote:

>> The moderator's idea can be beaten, but I don't have time to explain how
>> right now. Maybe next week.

The basic notion of call-back is that the receiver accepts a call, insecurely identifies the caller, disconnects the call, and initiates a call to a previously-determined number to establish a connection between known points.

The fundamental insecurity of call-back derives from the assumption that the call-back does in fact connect to the intended number. Ignoring schemes involving tampering with the switching system, the main difficulty comes from spoofing the call-back system into thinking that it is getting dial tone from the CO when it is in fact receiving a call from the attacker. The easy way of doing this involves holding the connection up while the call-back system tries to disconnect and redial, and then spoofing it by generating dial tone and perhaps other call-progress tones. This can be defended against as the moderator suggests.

The attacker must then resort to an attack of the class "exploitation of a timing window". The notion here is that the call-back system can't tell the difference between an incoming call that arrives very close to the time that the call-back system goes off-hook, and dial tone received from the CO because it went off-hook. So if you can get the timing just right, it is possible to make a spoofing attack. Getting the timing right is possible if both the call-back system and telephone system offer repeatable timing. During hours of low load, this is possible. The attacker does not have to guess right, but can servo in on the correct value. If the attacker obtains a busy signal, the time waited before dialing up the spoofed connection is too long. If the attacker obtains a modem answer tone, the time waited is too short. Thus, a simple servoing algorithm will quickly center the timing around the correct value.
It's possible to exploit very narrow timing windows using this technique, which is usually used to exploit time-of-check/time-of-use bugs in operating systems. While the attacker is adjusting the timing, the call-back system is likely to notice that something is wrong, but once the timing is properly adjusted, the call-back system can be spoofed successfully. The timing adjustment attempts might precede by several days the actual attack; this may be necessary if the call-back system only allows a small number of failed attempts. Defenses against this attack include using a different originate-only line for call-back, randomizing the time between dial-in and call-back, and, perhaps, the use of ground start trunks. It's not clear that anyone would bother to do this complicated an attack but it's possible.

John Nagle
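As an added illustration that is not part of Nagle's post, the following Python simulation models the timing window he describes and compares the bisection servo against a unit with a fixed call-back delay and against one using the randomized delay he lists as a defense; the window width, delays, lockout limit and random seed are constructed values, not measurements of any real equipment.

```python
# Constructed model: after hang-up the unit waits `delay` ms, then goes
# off-hook expecting CO dial tone.  A call landing in [delay, delay + WINDOW_MS)
# is mistaken for dial tone; earlier, the idle unit answers it as a new
# dial-in; later, the unit is already off-hook, so the caller hears busy.
import random

WINDOW_MS = 20.0   # assumed width of the exploitable timing window


def callback_outcome(attempt_ms, delay_ms):
    """What the caller hears when the call lands attempt_ms after hang-up."""
    if attempt_ms < delay_ms:
        return "answer"   # too short: answered as a fresh inbound call
    if attempt_ms < delay_ms + WINDOW_MS:
        return "spoofed"  # inside the window: taken for dial tone
    return "busy"         # too long: unit already off-hook

def servo(next_delay, lo_ms=0.0, hi_ms=5000.0, max_attempts=20):
    """Bisection servo from the post ('busy' = too long, 'answer' = too short).
    next_delay() gives the unit's delay per attempt; max_attempts models a
    unit that locks out after a few failures.  Returns (attempts, succeeded)."""
    for n in range(1, max_attempts + 1):
        guess = (lo_ms + hi_ms) / 2
        outcome = callback_outcome(guess, next_delay())
        if outcome == "spoofed":
            return n, True
        if outcome == "busy":
            hi_ms = guess
        else:
            lo_ms = guess
    return max_attempts, False

def fixed_delay(delay_ms=1500.0):
    """Unit that always waits the same time: the servo homes in on it."""
    return lambda: delay_ms

def randomized_delay(rng, base_ms=1500.0, jitter_ms=2000.0):
    """Defense from the post: random dial-in to call-back interval, so the
    window moves every attempt and the servo's bounds tell it nothing."""
    return lambda: base_ms + rng.uniform(0.0, jitter_ms)

def success_rate(make_policy, trials=200):
    """Fraction of trials in which the servo locks on before lockout."""
    return sum(servo(make_policy())[1] for _ in range(trials)) / trials

if __name__ == "__main__":
    rng = random.Random(1)
    print("fixed delay:     ", success_rate(fixed_delay))          # 1.0
    print("randomized delay:", success_rate(lambda: randomized_delay(rng)))
```

With a fixed delay the servo lands in the window in about log2(range / window) attempts, well inside a typical failed-attempt limit; with jitter much wider than the window, each attempt is roughly a window/jitter chance and the lockout counter exhausts first.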