Telephone conversations can be intercepted by tapping cables, but the telephone set itself can also be manipulated in order to secretly turn it into a microphone. To prevent the latter, the US Telecommunications Security Group (TSG) published several standards to enhance the security of landline/desktop phones.
Vulnerabilities of telephone equipment
There are basically four ways in which traditional landline telephones can be abused for eavesdropping:
- Listening to a phone call in person or by installing a listening device.
This can be prevented by creating a Physically Protected Space (PPS) or a Sensitive Compartmented Information Facility (SCIF) as part of the Operational Security (OPSEC).
- Tapping the telephone line which transmits the phone call.
This can be prevented by encrypting the voice signal, which is known as Communications Security (COMSEC).
- Capturing unintentional electromagnetic emanations from the phone.
This can be prevented by shielding the device and protecting the wires according to measures codenamed TEMPEST.
- Remotely turning on the microphones of the telephone set.
This can be prevented by implementing the measures from the standards of the Telecommunications Security Group (TSG).
This can be prevented by creating a Physically Protected Space (PPS) or a Sensitive Compartmented Information Facility (SCIF) as part of the Operational Security (OPSEC).
- Tapping the telephone line which transmits the phone call.
This can be prevented by encrypting the voice signal, which is known as Communications Security (COMSEC).
- Capturing unintentional electromagnetic emanations from the phone.
This can be prevented by shielding the device and protecting the wires according to measures codenamed TEMPEST.
- Remotely turning on the microphones of the telephone set.
This can be prevented by implementing the measures from the standards of the Telecommunications Security Group (TSG).
This blog post is about the last of these issues: the measures to prevent manipulating the microphones and speakers of landline telephone sets.
When telephones are connected to an uncontrolled, public telephone line, there's the risk that even when the phone is on hook, it can pick up and transmit conversations occurring in the vicinity.
An adversary can manage this in various ways, like manipulating or reconfiguring components of the phone, or by externally generating electrical voltages or control signals on the telephone line.
This risk can be mitigated by using TSG-approved telephone sets with security features like a physical disconnect of the microphone and the speakers when the phone is on-hook or when a call is placed on-hold.
Another way is to isolate the phone from uncontrolled lines when the device is not being used. This can be achieved through a separate disconnect device or to install the internal telephone system (PBX) according to TSG standard 2.
These options are shown in this diagram, which is taken from TSG standard 1:
(CTS stands for Computerized Telephone System)
The Telecommunications Security Group
It's not clear when exactly the Telephone Security Group (TSG) was created. It was probably not long after the establishment of the US Communications Security Board (USCSB), which was in 1953.
The charter members of the TSG were the Department of State, the Department of Energy, the Departments of the Air Force, the Army and the Navy, as well as the CIA, the DIA, the FBI, the NSA and the US Secret Service. The operating agency is the NSA, currently as part of its Commercial Solutions Center (NCSC).
In the early 1980's, the TSG prepared a set of standards that prescribe the measures to protect classified audio conversations against eavesdropping and manipulation of telephone equipment.
Not much later, the TSG was turned into the National Telecommunications Security Working Group (NTSWG). This eventually became a joint working group of the Committee on National Security Systems (CNSS), which was established by president Bush in October 2001 to protect US National Security Systems.
According to the preface of the TSG Standards, the NTSWG is "the primary technical and policy resource in the U.S. Intelligence Community (IC) for all aspects of the Technical Surveillance Countermeasures (TSCM) Program involving telephone systems located in areas where sensitive government information is discussed."
The TSG standards
Below is a list of eight TSG standards and one supplemental NTSWG standard. To prevent them from disappearing from the internet, their titles link to archived copies of the original documents.
TSG Standard 1
- Released: March 1990.
- Subject: An introduction to telephone security that provides general information about the TSG standards.
TSG Standard 2
- Released: March 1990.
- Subject: The general requirements for planning, installing, maintaining, and managing a Computerized Telephone System (CTS) within a Physically Protected Space (PPS).
NTSWG Standard 2(a)
- Released: March 2001.
- Subject: Guidelines for Computerized Telephone Systems (CTS), specifically aimed at manufacturers who provide small commercial-of-the-shelf (COTS) systems with 30 or fewer stations.
TSG Standard 3
- Released: March 1990.
- Subject: Type-Acceptance Program for Telephones used with the Conventional Central Office Interface.
TSG Standard 4
- Released: March 1990.
- Subject: Type-Acceptance Program for Electronic Telephones used in Computerized Telephone Systems.
TSG Standard 5
- Released: March 1990.
- Subject: Minimum requirements for a telephone that can be located in a sensitive discussion area without supplementary on-hook audio security measures.
TSG Standard 6
- Released: October 2024.
- Subject: A list of both 'Currently Manufactured Devices' and 'Devices Still in Use but No Longer Manufactured' that are TSG-approved (updated periodically).
TSG Standard 7
- Released: September 1994.
- Subject: Guidelines for Cellular Telephones.
TSG Standard 8
- Released: October 1994.
- Subject: Microphonic Response Criteria for Non-communications Devices.
The TSG Standards were meant to be replaced by and issued as Committee on National Security Systems Instructions (CNSSIs). Implementation of TSG standards/CNSS instructions neither prevents the application of more stringent requirements, nor satisfies the requirements of other telecommunications security programs such as TEMPEST, COMSEC or OPSEC.- Released: March 1990.
- Subject: An introduction to telephone security that provides general information about the TSG standards.
TSG Standard 2
- Released: March 1990.
- Subject: The general requirements for planning, installing, maintaining, and managing a Computerized Telephone System (CTS) within a Physically Protected Space (PPS).
NTSWG Standard 2(a)
- Released: March 2001.
- Subject: Guidelines for Computerized Telephone Systems (CTS), specifically aimed at manufacturers who provide small commercial-of-the-shelf (COTS) systems with 30 or fewer stations.
TSG Standard 3
- Released: March 1990.
- Subject: Type-Acceptance Program for Telephones used with the Conventional Central Office Interface.
TSG Standard 4
- Released: March 1990.
- Subject: Type-Acceptance Program for Electronic Telephones used in Computerized Telephone Systems.
TSG Standard 5
- Released: March 1990.
- Subject: Minimum requirements for a telephone that can be located in a sensitive discussion area without supplementary on-hook audio security measures.
TSG Standard 6
- Released: October 2024.
- Subject: A list of both 'Currently Manufactured Devices' and 'Devices Still in Use but No Longer Manufactured' that are TSG-approved (updated periodically).
TSG Standard 7
- Released: September 1994.
- Subject: Guidelines for Cellular Telephones.
TSG Standard 8
- Released: October 1994.
- Subject: Microphonic Response Criteria for Non-communications Devices.
TSG-approved equipment
Companies which manufacture telephone systems that conform to the requirements of the TSG standards can submit their product to the NTSWG for evaluation and subsequent Type-Acceptance. This allows these products to be installed within US government spaces as a qualified product that complies with government security directives.
As can be seen in the list of TSG Standard 6, there are only a few companies in the United States that provide TSG-approved telephone sets. The main ones are CIS Secure, headquartered in Ashburn, Virginia, and Advanced Programs, Inc. (API) with its headquarters in Columbia, Maryland. Both companies sell equipment that is TSG-approved as well as TEMPEST-proof.
Some TSG-appproved devices from CIS Secure (click to enlarge)
Most of the telephone and video teleconferencing equipment sold by CIS Secure and API is from large manufacturers like Cisco and then modified in order to comply with the TSG and/or TEMPEST standards.
TSG-approved phones can be recognized by an additional small red button, which disconnects the microphones when a call is put on hold. A detailed description of a modified Cisco 7962G IP phone can be found on the website of the Crypto Museum.
Since Joe Biden became president of the United States in January 2021, the Cisco phones for both secure and non-secure calls on the presidential desk in the Oval Office are also modified versions which provide TEMPEST protection and TSG compliance:
Two Cisco 8841 IP phones modified by API on the desk
of former US president Biden, January 20, 2021
of former US president Biden, January 20, 2021
> See also: The phones in president Biden's Oval Office
Links and sources
- Committee on National Security Systems: TSG standards
- NSA: Guidance on Securing Unified Communications and Voice and Video over IP Systems (2021)
- TSG-approved equipment: July 2005 - August 2018 (pdf)
- Government Attic: Declassified documents from the US Communications Security Board (USCSB) (pdf)
No comments:
Post a Comment