Feds' Radios Have Significant Security Flaws

OverTheGeicoE writes "The Wall Street Journal has a story describing how the portable radios used by many federal law enforcement agents have major security flaws that allow for easy eavesdropping and jamming. Details are in a new study being released today (PDF). The authors of the study were able to intercept hundreds of hours of sensitive traffic inadvertently sent without encryption over the past two years. They also describe how a texting toy targeted at teenage girls can be modified to jam transmissions from the affected radios, either encrypted or not."

The Federal Government Has Major IT Problems

You notice that pretty much everything sold to the federal government is fraudulent? There is an entire industry devoted to ripping them off. Why isn't there a mechanism in place to punish these folks?

Re:The Federal Government Has Major IT Problems

[couchslug]

"Why isn't there a mechanism in place to punish these folks?"

A fine idea, but let's outsource it to save money.

Re:The Federal Government Has Major IT Problems

[AvitarX]

There is, you're allowed to Sue on behalf of the government if it doesn't do so itself. You get a 30 percent take.

Re:The Federal Government Has Major IT Problems

[jimpop]

How else would that industry be able to sell upgrades?

Re:The Federal Government Has Major IT Problems

[fuzzyfuzzyfungus]

We kind of do... It just isn't all that toothy and appears to apply more seriously to smalltime operators, not to Big Respectable Contractors...

Re:The Federal Government Has Major IT Problems

[Opportunist]

And who do you think should pay the kickbacks if they wasted money on research or production?

Tsk, tsk, people don't understand politics.

Re:The Federal Government Has Major IT Problems

[hairyfeet]

Hell if they are anything like the local yokels and the county mounties they are making money both ways! In my area the above get all the federal grants to upgrade gear for the "war on (insert drug of the week)" which of course they skim the fuck off of with kickbacks and the like (hell you should have seen the jail they got a grant to build. Supposedly the thing cost 3 mil+ and the wires were hanging down and the shitters leaked on opening day. The cops wives got some nice Navigators though) and then when the feds sniff around expecting to do some busts the cops get paid AGAIN by giving the dealers the heads up LOL! I knew one who actually got his info from the dispatcher before the cops were told where to go so he actually had better info than they did, LOL!

So if it is like everything else I've seen involving government nobody really gives a shit about quality dude, it is all about skimming and kickbacks. In my area the cops supposedly get paid $30k a year, but they all live in big ass houses with pools and the wives all drive brand new navigators. You don't think they can afford that nice stuff by giving a shit about quality for the public's money do you?

Re:The Federal Government Has Major IT Problems

Having created some of these radios I can tell you there is a lot of bullshit in the report. All of the digitial radios (P25) of which I'm aware support multiple encryption schemes right out of the box. They need only be configured and deployed.

The lacking support of encryption is almost always a deployment decision, not a technology issue. Furthermore, its very common for some channels to not be encrypted while leaving others fully encrypted.

Just because unencrypted communication can be intercepted doesn't mean encryption capabilities are lacking.

Re:The Federal Government Has Major IT Problems

[senlis]

That is what I am thinking. Talking about sensitive material on an unencrypted radio is the equivalent of me going to a crowded area and yelling it. Anyone who has a radio and is listening to the correct unencrypted frequency can listen to it. Really, it is just a discipline issue: either encrypt the radio or don't talk about sensitive material. The texting toy modified to jam the radios is interesting, though encryption has nothing to do with it. Encryption and jam resistance are two different things. Jam resistance is usually performed by frequency hopping, and I would be surprised if those radios didn't have some capability they just aren't using. The other question is how much power these texting toys are generating when they are jamming. The amount of power dictates how close you have to be to jam the radios. It isn't very useful if I have to stick this texting toy in the guy's face to jam his radio.

You know what this means, don't you?

[jd]

Kim Possible has become Evil!

Re:You know what this means, don't you?

[geekoid]

She is fighting Homeland security, clearly she has NOT gone evil.

Re:You know what this means, don't you?

[Opportunist]

Wait, isn't homeland security currently in charge of defining evil? Or was that outsourced to Fox News?

Re:You know what this means, don't you?

[jd2112]

Wait, isn't homeland security currently in charge of defining evil? Or was that outsourced to Fox News?

They both are, different departments.

Re:You know what this means, don't you?

She is fighting Homeland security, clearly she has NOT gone evil.

Logical fallacy.

Evil fights evil all the time. Just look at Hitler v. Stalin for a prime example.

This is not to say that she HAS gone evil, just that your statement is not contraindicative.

Not everything is encrypted

[geekoid]

or supposed to be. I couldn't find where they where using an encrypted channels.

And it's radio, so NEWSFLASH: It can be jammed.

Ob. link:
http://www.youtube.com/watch?v=FcArnepkhv0

Re:Not everything is encrypted

[fuzzyfuzzyfungus]

Obviously, any RF device can be jammed(if nothing else, a correctly crafted jamming signal could cause destructive interference resulting in zero signal at the receiver site; but good luck with that one...); but the difficulty of doing so can vary widely. If a spark-gap that blacks out the east coast and draws complaints from the FCC-analogs of 6 nearby countries jams something, the designer gets a pass. If some FCC approved kiddie toy can jam it, the system is likely being attacked in a manner significantly more sophisticated than brute force...

From TFA: " But, as we will see below, the situation is actually far more favorable to the jammer than analysis of its modulation scheme alone might suggest. In fact, the aggregate power level required to jam P25 trafc is actually much lower than that required to jam analog FM. This is because an adversary can disrupt P25 trafc very efciently by targeting only specific small portions of frames to jam and turning off its transmitter at other times... It is therefore unnecessary for an adversary to jam the entire transmitted data stream in order to prevent a receiver from receiving it. It is sufcient for an attacker to prevent the reception merely of those portions of a frame that are needed for the receiver to make sense of the rest of the frame. Unfortunately, the P25 frame encoding makes it particularly easy and efcient for a jammer to attack these subelds in isolation."

Oops: A sophisticated digital RF transmission mechanism substantially more vulnerable to jamming than analog narrowband...

Re:Not everything is encrypted

[AvitarX]

If the user interface leads to accidentally sending things in the clear, it's a problem. If it's stupid feds, that's a problem too (but a different one).

Why shouldn't essentially everything be encrypted? That sounds like the sane default to me.

Re:Not everything is encrypted

[geekoid]

Because we want to minimize the amount of chatter that goes on behind closed doors?
You're 'sane' default leads to less checks and balances. No thanks. OTOH, very few criminal would actually know or do anything about this.

Re:Not everything is encrypted

[fuzzyfuzzyfungus]

Apparently, aside from user interface failings, the system is based on manual keyfill and pre-shared keys...

And I'm not talking "Man, I hate trusting CA certs" pre-shared keys, I'm talking "Apparently, news of assymetric key cryptography hasn't made it to P25 land yet, and we have no option but to talk in the clear unless everybody we are talking to has been keyfilled ahead of time. Oh, also, none of our radios provide any warning when receiving a cleartext signal, they just decode and play exactly the same as if it were encrypted... We are deliberately ignoring everything that has been learned about maintaining encrypted channels under real world conditions here, apparently!"

Re:Not everything is encrypted

[fuzzyfuzzyfungus]

By "very few" you mean "Only the really smart and dangerous ones, and any of the ones who imported an dubiously legal P25 scanner, labelled as a "toy/gift", from a drop-shipper in Hong Kong", right?

Re:Not everything is encrypted

[hawguy]

From the study itself:

A jammer synchronized to attack just the NID
subeld of voice transmission would need to operate at
a duty cycle of only 3.7% during transmissions. Such a
pulse lasts only about 1/100th of a second.

So not only does this mean that your jamming transmitter can be small (not much power to dissipate when you're only transmitting a 100ms pulse, but it means that the power source can be small, and the short duration of the signal makes it hard to find.

So when you're ready to create your civil disruption, you drop 100 of these jammers around town (they can be quite small, powered by a couple D-cell batteries for a few days), with so many jammers, it's hard to triangulate on any single one of them.

Any EE undergrad should be able to build these jammers using easily obtained off-the-shelf components.

Re:Not everything is encrypted

Wait, the Hong-Kong drop shipper sell P25 equipment? Would you happen to have a link? These things would be awesome to play around with under Part 97.

Re:Not everything is encrypted

[b5bartender]

you can buy a "dubiously legal" P25 scanner at any Radio Shack or Amazon... P25 is an open standard.

Re:Not everything is encrypted

P90x is an extremely intense program.Sheer will and determination may get you to the finish line,but to achieve the best results,you’ve got to have the proper quality and quantity of nutrition.We make these supplements optional,so you have a choice.But know that P90x supplements were designed for this program and will supply your body with the necessary nutrients to give you added strength energy,and stamina for each workout.

As you may notice from the math on the following pages,P90x ia not bulit around adaily “calorie deficit” for weight loss like the general Beachbody plans found in Power 90,Kathy Smits’s Project :You!Type 2,and Slimin 6.It’s important that you understand why ,so you have the right training mentality with this program ,with the right expectations.
http://www.wholesaler-movies-dvds.com/

Re:Not everything is encrypted

[Obfuscant]

Why shouldn't essentially everything be encrypted? That sounds like the sane default to me.

Because encryption requires management of encryption keys, which require security clearances for people who go around loading keys in radios and need to store keys locally.

It creates a terrible headache for backup radio systems and radio caches. I.e., the feds have several large storage areas for equipment that is needed in a disaster but wouldn't get much use otherwise. Someone would need to keep all those radios keyed up to date if everything was encrypted. Also, the radios need better security if they are encrypted. I manage a stack of about two dozen radios -- it would be a real PITA if I had to get a clearance so I could go rekey them once a week.

For CAP (Civil Air Patrol), they are getting/have gotten encryption capable radios. Out here, there is nobody with a clearance to manage the keys and keying of radios. It also shuts out personally owned equipment use, and mostly there isn't much that needs to be encrypted in the first place. CAP is getting this capability because they sometimes in some areas support fed agencies that want encrypted traffic. (The aircraft radios won't do it, anyway.)

And finally, encryption really puts the nail in the coffin of the idea of "interoperability"; that is, different agencies being able to communicate with each other when they need to. E.g., a major forest fire needs people from many agencies and different fire departments to fight it. They all show up with their own radio equipment. Interop means they all have standard channels (VTAC, VCALL, UTAC, etc) (look up "NIFOG" in google for the field guide that defines this all) and can talk to each other as soon as they arrive. Encryption means those who have encryptable radios have to get the right keys installed before they can do anything, and those without encryptionable radios don't talk to anyone.

And really, finally, encryption does NOTHING to prevent the issues of jamming and interference. The only people who haven't figured out that P25 digital systems have nowhere near the coverage as the old analog wideband systems are the radio manufacturers making billions selling the new P25 whiz-bang radios. We did a simple test out here (somewhere on the west coast) comparing P25 to analog narrowband, and P25 would fail where analog narrowband woked fine. One company (with the intials "M") came out here and proposed a trunked digital system to replace all the local public service systems, and they wound up with about thirty radio sites to provide the same coverage that we are getting with a dozen. Just doesn't work as well, and that's personal experience.

Re:Not everything is encrypted

[ae1294]

So not only does this mean that your jamming transmitter can be small (not much power to dissipate when you're only transmitting a 100ms pulse, but it means that the power source can be small, and the short duration of the signal makes it hard to find.

So when you're ready to create your civil disruption, you drop 100 of these jammers around town (they can be quite small, powered by a couple D-cell batteries for a few days), with so many jammers, it's hard to triangulate on any single one of them.

Any EE undergrad should be able to build these jammers using easily obtained off-the-shelf components.

open source project???

Re:Not everything is encrypted

But they DO provide a warning every time someone TRANSMITS a clear signal - in the form of a beep before the user can start speaking, each and every time.

Re:Not everything is encrypted

[Gordonjcp]

But the signal is more-or-less continuous, so you are trying to locate the source of a very powerful continuous buzz.

This is trivial to DF.

Re:Not everything is encrypted

[adolf]

I agree; P25 is crap. (Qualification, for whatever it's worth: I've installed/programmed/fixed/pondered-upon many thousands of such radios, all from a company with the initials "M" and am entrusted with keys to the tower sites all over a certain midwest state.).

Nobody really likes it. Some agencies are happy because they've got new radios which aren't yet as broken as their old ones were, but they cost 5-10x as much to buy, each. Plus a monthly fee, per radio, for service. The only reason they're even slightly happy is because they were all pretty much "free" through a state-funded grant program, which to me (as a taxpayer) is not free at all.

Nobody is happier with coverage except in the off case that they're out of their jurisdiction (which does happen, but not routinely by anyone who needs to communicate regularly). Nobody is happier with audio quality (narrowband FM can sound rather good from 300-3000Hz; digital P25 is always robotic-sounding from codec artifacts). They all want to be happier with interoperability for individual units, but nobody ever uses that and therefore won't remember how when a Big Event happens.

Consequently, anything that involves multiple agencies things still get patched together on dispatch consoles and mobile communications centers, with dedicated radios per channel (or talkgroup) -- exactly as it always had been, pre-P25.

And nobody's going to be happy when the radios start to get tired after a few years and needing repairs.

I'm happy with it as someone who earns a meager hourly wage working on it, because the initial push kept me very busy for a few years in a rough economy.

But as a professional who enjoys doing good work, I'm unhappy with it because it inherently sucks, as built, and therefore I have to give people dumb answers to their legitimate questions and problems instead of just -- you know -- fixing it.

And as a (perhaps too-well) informed citizen, I hate it. The way I see it, the old stuff worked better, and allowed me better protection.

Re:Not everything is encrypted

[Lieutenant_Dan]

Excellent points.

The only suggestion I could make in this scenario would be to store the encryption key on an external dongle/smartcard/USB-key that requires a PIN/password to activate (and need it after x amount of time). That would address the issue about managing the inventory.

Now that does transfer the issue of key management to some other part of the great fed machinery. Still a messy endeavour.

Re:Not everything is encrypted

[GooberToo]

Why shouldn't essentially everything be encrypted? That sounds like the sane default to me.

Because news organizations frequently are given radios. As a rule of thumb, only discussions which are intended for public consumption are done on unencrypted channels. Furthermore, encryption prevents cross departmental communication. So imagine 9/11. Now imagine none of the various agencies being able to communicate because none have the same keys.

Honestly, there doesn't exist a legitimate reason for everything to be encrypted.

Re:Not everything is encrypted

Welcome to military radios...

Re:Not everything is encrypted

[hawguy]

But the signal is more-or-less continuous, so you are trying to locate the source of a very powerful continuous buzz.

This is trivial to DF.

Ahh, good point, when I first read the article, I thought the key was sent at the beginnning of a voice stream, but in rereading, it looks like it's sent with every packet, so the jammer would need to operation more or less continuously. LIke in a 3.7% duty cycle (as it says in snippet of the article I quoted).

But still, there's safety in numbers, with a 100 point sources sending out jamming signals, it's much harder to triangulate on any single one.

Re:Not everything is encrypted

[Obfuscant]

You can buy a dubiously legal P25 transmitter on Ebay.

But you won't be buying the encryption keys for encrypted P25 traffic there.

Re:Not everything is encrypted

[Gordonjcp]

No, quite the reverse. If you've got lots of sources it's quite easy to find them simply because you've got a better chance of finding one.

Re:Not everything is encrypted

[Yamioni]

But still, there's safety in numbers, with a 100 point sources sending out jamming signals, it's much harder to triangulate on any single one.

This is only true if you attempt to search for one inside of a field of many. You can't triangulate to a single source when you're in range of multiple transmitters all broadcasting the same source. But nothing says you can't start your search from beyond the edge of the coverage zone where you can easily be in range of one and only one transmitter at any given time. Following the method of outside-in, you could rather easily chip away at the coverage zone. Generally speaking though, yes, it would be harder to triangulate their locations simply because you have to modify your tactics to guarantee success.

Nothing to see here

[whitelabrat]

Uh. Yeah. I think FCC rules prohibit encryption. And we are talking about radio, not wired communications.

You want privacy? Use a phone. Unless you're at a DEFCON gathering.

Re:Nothing to see here

[leighklotz]

I'm totally lost here; want to try again?

Uh. Yeah. I think FCC rules prohibit encryption.

They do not.

And we are talking about radio, not wired communications.

Security issues in radio and wired communications are almost the same unless you can guarantee no physical access to your wire.

You want privacy? Use a phone.

Phones are radios.

Re:Nothing to see here

[DeadCatX2]

The FCC prohibits encryption of radio waves? So...does that mean my WPA2 access point is in violation of the FCC?

Re:Nothing to see here

[mmontour]

Uh. Yeah. I think FCC rules prohibit encryption

There's no overall ban on encryption, although some services such as amateur (Ham) radio aren't allowed to use it.

Re:Nothing to see here

[anubi]

Try googling "spread spectrum" communications.

With spread spectrum technologies, you can transmit damn near anything covertly.

If the snooper does not have your exact algorithm, not only does he has no way of decoding your transmission, he doesn't even know a transmission took place.

Yes, spread spectrum can be jammed if a wideband noise source is placed near the receiver. The S/N drops so much the receiver will fail to extricate the signal from the ambient noise.

A spark gap is a wideband noise generator.

Re:Nothing to see here

[WorBlux]

The prevent encryption on public bands. (CB, HAM, shortwave)

Re:Nothing to see here

[Yamioni]

No but a WEP one should be.

Posting that link was irresponsible

[sackvillian]

The front page of the 'texting toy' website begins with 'It sounds 2good2btru - but it's 4real!' and ends with my stomach contents, evacuated onto the floor. Shame on TheGeicoE for subjecting us to that.

Re:Posting that link was irresponsible

[sjames]

You have received a Denial Of Sustenance attack.

Re:Posting that link was irresponsible

[fuzzyfuzzyfungus]

Good job citizen: The absolutely insufferable 'language' and graphic design of that website is designed to keep dangerous, potentially pedophilic, adults away from vulnerable children. It is part of a broader campaign to make parts of the internet used by children utterly insufferable for those over the age of 12 for the safety of our children.

The program is already beginning to see considerable success...

Re:Posting that link was irresponsible

[OverTheGeicoE]

The front page of the 'texting toy' website begins with 'It sounds 2good2btru - but it's 4real!' and ends with my stomach contents, evacuated onto the floor. Shame on TheGeicoE for subjecting us to that.

Sorry. I have kids. They've desensitized me. I just wasn't thinking how innocent Slashdotters might react.

The article and the study have a less objectionable picture with some hexadecimal numbers on the screen.

Re:Posting that link was irresponsible

[KingAlanI]

yeah, that site drove me nuts real quick.
that much txt-speak is inexcusable if you're well under the character limit
you'd think that it would be easy to type out full words if you're that good at working a tiny keyboard

As Scotty once said...

[thomasdz]

"the more they over-think the plumbing, the easier it is to stop up the drain." (Star Trek III: The Search for Spock)

Police radios are often not encrypted

[Sycraft-fu]

And it is legal to listen in on them. Google for "police scanner".

Now I could see reasons why the FBI might have encrypted radios, but then again they also might decide such a thing isn't necessary, or that they should be selectable.

Either way, the idea of unencrypted police radio isn't surprising, it is the norm. That may change, but for now in most places a cheap scanner is all you need to listen to police radio, if you wish to do so.

there is better radio tech

[FudRucker]

try frequency hopping, or spread spectrum technology, no analog or digital scanner can receive them...

Re:there is better radio tech

[Opportunist]

I was thinking just that. Even jamming isn't easy unless you jam in such a wide spectrum that it becomes near trivial to sniff you out. Hell, I built a freq hopping communication toy, it's not rocket science.

Re:there is better radio tech

[sunderland56]

try frequency hopping, or spread spectrum technology, no analog or digital scanner can receive them...

Oh, really?

Most modern public service radio systems have used frequency hopping for the last 10 or more years. Consumer-oriented scanners, in general, only lag the latest technology development by a few months; and older scanners can usually be updated to new technology by a software update.

Re:there is better radio tech

[Obfuscant]

Most modern public service radio systems have used frequency hopping for the last 10 or more years.

You are confusing trunking with frequency hopping or spread spectrum.

Trunking has a dedicated control channel that tells every radio that is part of a talkgroup (predefined group) to "go to channel X" so everyone in the talkgroup hears the same thing. Yes, modern scanners can monitor that control channel and do the same thing. This channel hopping is done on a per-transmission basis. I.e., once the talker is assigned a transmission channel, he and all the receivers stay there until he lets up on the push-to-talk button.

Frequency hopping is based on a pseudo-random number generator that tells each radio independently "go to channel X" after a very short period of time on channel Y. Each radio acts on its own, there is no control channel for anyone to monitor. The pseudo-random sequence is different for each "talkgroup". The channel hopping happens based on time, not transmission. A one-second transmission may occur on thirteen or fifty different frequencies sequentially.

The http://www.trisquare.us/products.htm TriSquare eXRS products are an example of commercial public spread spectrum radios. They demonstrate the biggest problem with that kind of system: you need to know the "code" for who you want to talk to before you can talk to them. This is ok in a managed environment where everyone is assigned codes by a central authority that publishes the list. It's not good for someone who is driving down the road and wants to call someone in the area he's never talked to before.

The advantage to trunking is that it is relatively simple. The BIG downside from a public safety standpoint is that it DEMANDS a control system to tell everyone what to do. If your control system happens to be, say, on top of the building that has just collapsed, you don't use trunking anymore. It is also relatively easy to jam, and to listen to.

Another downside is that users must be trained to wait for the "go ahead" beep from their radios before talking. There is a non-zero amount of time between the push of the button and actual transmission, because the talk request must first go to the control system, the control system must find and allocate an empty channel, and then it must transmit that information to all users, including the user who wants to talk. Once this is done, the user can start talking. Sometimes, if there are no open channels, it doesn't happen right away.

The advantage to SS is that it is harder to jam and harder for eavesdroppers. That makes it harder for interoperability.

TANSTAAFL. Every system has tradeoffs.

Nothing New

[GrahamCox]

Back in the day, you could tune into the police on an ordinary FM radio (in the UK). They used the frequencies from 100 to 108 MHz before they got moved.

Reinventing the wheel?

[schwit1]

Is their some reason the feds are not using the same radios the military uses? I'm sure the DOD has some experience in secure portable communications.

Re:Reinventing the wheel?

[fuzzyfuzzyfungus]

Might want to be careful...

The "Oh, our Predators are using unencrypted video feeds over transmission hardware sufficiently similar that dirt-cheap satellite-TV piracy gear is enough to grab their feeds in real time" incident was sort of an ominous sign...

Re:Reinventing the wheel?

[onkelonkel]

Because encrypting analog radios costs extra money. Ask most police depts what they would rather have - 1000 encrypted portable radios, or 1000 portable radios that work with the portable radios and base stations they already have plus 1000 6 cell maglites.

Re:Reinventing the wheel?

[Yamioni]

plus 1000 6 cell maglites.

As long as I can get two to dual wield while cracking a perp's skull I'm in!

Re:Reinventing the wheel?

[onkelonkel]

My favorite quote, from some detective story, "Except for the fact that it lit up when you pushed a button on the side, the officer's flashlight would not have been out of place at the Battle of Agincourt"

It's a feature ...

[MacTO]

Traditionally, all police radio communications were unencrypted and anybody could buy a scanner from RadioShack to listen in. My understanding is that the press commonly used them and would publish what they learnt from it. And that was a good thing, because it forced the police to be a little more accountable.

Re:It's a feature ...

[ColdWetDog]

However, more recently, most police bands have gone encrypted. The thinking is that if the info is broadcast in the clear, the perps have a much better chance of avoiding the police and getting away with whatever they were planning. Broadcasting police information in the clear also has privacy implications (did you here that Fred Smith was busted for speeding last night?).

Slightly off topic - I have that exact radio shown in the TFA. It is a complete pile of garbage. It's UI is complex, non intuitive, poorly documented and buggy. The encryption switch is a tiny little ring around the channel switch knob. It's incredibly easy to turn it OFF when changing channels, especially with gloves on. The only visual clue is a tiny little "O" in the upper right hand corner of the crappy little low contrast LCD screen.

It seems like Motorola is really going downhill. They used to make great commercial / public service radios. They used to make great cell phones.

Sigh.

Re:It's a feature ...

[anubi]

What do we do when the "bad guys" game the system by listening to our police so they can vamoose before the police arrive?

Re:It's a feature ...

[tftp]

Broadcasting police information in the clear also has privacy implications (did you here that Fred Smith was busted for speeding last night?)

This is not directly transmitted over the air. The LEO may ask for 10-28 on a plate and the dispatcher says "Vehicle registered to Fred Smith, digits in Anytown, US" and that's basically all. Very little is reported over the air about the nature of the stop; it goes into the report, if there is any.

A typical 10-36, if transmitted, contains name and address of the subject, his DL number, DOB, warrants, and everything else that may be useful for ID. With just one such piece of information you can go and steal his identity. This is sent in the clear, at least where I live.

Re:It's a feature ...

[DarthBart]

The county I grew up in went with this thinking. They scored about $350K in a drug bust and used that to buy a high powered (transmitter output was 350W) Motorola 150Mhz encrypted radio system. The transmitter was located in the Texas hill country northwest of San Antonio and you could hear it down in Corpus Christi, but you had to have a 100W mobile to be able to talk back into it from about 20 miles from the transmitter. As a comparison, my father and I put a 75W Amateur Radio 145Mhz repeater system with cheaper equipment and smaller antennas and could cover the entire eastern half of the county with a 5W hand-held.

Then they had to shitcan the whole encryption system about 5 years later when the radios started dying and they couldn't afford to buy new encryption-capable Motorola radios. The guy in charge of the county radio system was a Tait dealer, and oddly enough the county started buying Tait radios.

Re:It's a feature ...

[adolf]

However, more recently, most police bands have gone encrypted.

Define "most."

I work in communications. Of the five or six counties I typically work in, all but one has recently moved to a statewide system based on P25 where law enforcement has been issued radios capable of encryption.

Of those four or five counties which have encryption-capable radios, only one agency in one single town uses it by default. Everyone else transmits in the clear by default, as a matter of policy.

Re:It's a feature ...

Come to Central Texas. All comms are encrypted, including Fire/EMS.

Re:It's a feature ...

I'm a ham, an ARES, and a CERT. Our city is putting ham stations in all the fire stations. Our fire chief just got his Tech license. We've put up 2m antennas on all the hospitals, fire stations, schools that might be shelters, etc. I'm trying to start new school ham clubs, and maintain existing clubs. We aren't recruiting cops and firemen, but if they want to become hams, we are happy to train them. The CB kinda cops usually get bored and leave the hobby when no one wants to be their friend. But, ham is a good way to go as long as the good guys maintain control.

You are thinking HAM frequencies

[Sycraft-fu]

You can't do encryption over HAM waves because it is supposed to be free and open to all that qualify, not a place for exclusivity. Also they want to be able to monitor to make sure people aren't using it for commercial purposes.

However on other bands, encryption is just fine. You really think the military uses unencrypted radio for all their communications?

For that matter, your cell phone is encrypted. Grated it isn't very good encryption, but it is encrypted. All digital cell phones are.

Re:You are thinking HAM frequencies

[Obfuscant]

You can't do encryption over HAM waves because it is supposed to be free and open to all that qualify, not a place for exclusivity. Also they want to be able to monitor to make sure people aren't using it for commercial purposes.

The reason is exclusively the latter. The former has nothing to do with it. As a repeater trustee (my callsign on the repeater) I can tell you not to use it and the FCC will back me up.

You actually can do encryption over ham radio. HSMM (high speed multi-media) is the ham version of 2.4G wireless. Encryption (WEP) is standard there. The rules prohibit encryption with the intent to hide the meaning. The HSMM folks publish the WEP key. They can't be intending to hide the meaning, therefore.

Second, Austria (I think it was. One of those "Aus..." countries, anyway.) has made it legal to encrypt domestic communications on frequencies above 50 MHz. Our USA ARRL cannot be arsed to push for the same rules for us.

It's not the 90's anymore

The changeover started pre 9/11, but the influx of Federal funds after that really kicked it into high gear. All or nearly all major metro areas now use digital, encryptable radio systems and they're spreading to smaller and smaller counties and cities. And thanks to the Publc Safety push they're using the P25 standard for interoperability.

It has made it much harder for journalists to learn about news-worthy incidents.

Funny from a Murdoch-owned paper

Anybody else see the irony of the Wall Street Journal reporting on how wireless devices can be intercepted?

Texting toy targeted at teenage girls?

[Ramin_HAL9001]

They also describe how a texting toy targeted at teenage girls can be modified to jam transmissions from the affected radios, either encrypted or not."

A texting toy targeted at teenage twats 'twas transformed to twist transmissions 'tween totalitarian terrorist-tackling tards.

Math fail

"transmitting a 100ms pulse"

You want to try that again?

Re:Math fail

[hawguy]

"transmitting a 100ms pulse"

You want to try that again?

Well, more like a typo, meant to type "10ms", noticed that it after I posted, but didn't think it warranted a correction, since it doesn't change the basic premise of my post.

But thanks for the correction, you've added a lot of value to my post, Anonymous Coward!

you looking for what

[k4b]

The story is misleading in that it leads the non communications savvy reader to think that P25 itself is supposed to be inherently unmonitorable, which is not true. The biggest concern in this article would be the ability for P25 signals to be jammed (anyone’s not just Motorola’s). No matter who makes the radio, operator error is a fact of life. I work with people who can’t figure out how to switch zones on their radios after having had them for five years. That’s mainly because they don’t care, not because it’s particularly difficult.

Re:you looking for what

[Yamioni]

O.O

Holy run-on hyperlink Batman!

TETRA is proven alternative

[Sami+Lehtinen]

http://en.wikipedia.org/wiki/Terrestrial_Trunked_Radio - Encrypted and allows direct and infrastructure communication.

Re:TETRA is proven alternative

[shortscruffydave]

...and so is TETRAPOL (similar name, but different technology) http://en.wikipedia.org/wiki/TETRAPOL Between them, TETRA and TETRAPOL support all (or at lease the vast majority) of all European law enforcement and other emergency service organisations.

No need to even read TFA...

[Old+Sparky]

....the number one reason will be A DumbAss on a Backhoe.

Bullshit

Let's see, the main vulnerabilities appear to be jamming (which all radios except frequency hopping spread spectrum radios are susceptible to), and traffic analysis made possible by unique ids for each radio (something radios have had for decades). Yawn. Someone trying to make a name for themselves by making the digital threat sound more serious than the threats that have always existed.

Jamming is very hard to stop

[davidwr]

Software or hardware to filter the signal from the noise can help in a jamming environment but it's not a cure-all.

Unless you can stop the jammer from transmitting, stop your receiver from picking up the jamming signal, or you can simply overpower him, it's hard to stop a jammer.

For typical hand-held and automobile radios there isn't a good solution.

The most effective way to stop a jammer usually involves either finding and arresting the person responsible or destroying the transmitter. Sometimes a credible threat to do either will work as well.

What about direction finding?

[Xenophon+Fenderson,]

I've always wondered about wholly passive methods for police activity monitoring. For example, how difficult would it be to combine a GPS position fix and a DF setup to track nearby police cars or foot patrols? That's assuming law enforcement and emergency services use dedicated radio bands for communication. I guess eavesdropping would provide further information, but even just a position fix could be useful in the commission of a crime.

Why do they use

[kentsex]

Why do they use $1000 radios and not cheap, safe, cell phones ? Our tax dollars at work