Slashdot Mirror


Feds' Radios Have Significant Security Flaws

OverTheGeicoE writes "The Wall Street Journal has a story describing how the portable radios used by many federal law enforcement agents have major security flaws that allow for easy eavesdropping and jamming. Details are in a new study being released today (PDF). The authors of the study were able to intercept hundreds of hours of sensitive traffic inadvertently sent without encryption over the past two years. They also describe how a texting toy targeted at teenage girls can be modified to jam transmissions from the affected radios, either encrypted or not."

4 of 84 comments

  1. Re:Not everything is encrypted by fuzzyfuzzyfungus · · Score: 4, Informative

    Obviously, any RF device can be jammed (if nothing else, a correctly crafted jamming signal could cause destructive interference resulting in zero signal at the receiver site; but good luck with that one...); but the difficulty of doing so can vary widely. If a spark-gap that blacks out the east coast and draws complaints from the FCC-analogs of 6 nearby countries jams something, the designer gets a pass. If some FCC approved kiddie toy can jam it, the system is likely being attacked in a manner significantly more sophisticated than brute force...

    From TFA: "But, as we will see below, the situation is actually far more favorable to the jammer than analysis of its modulation scheme alone might suggest. In fact, the aggregate power level required to jam P25 traffic is actually much lower than that required to jam analog FM. This is because an adversary can disrupt P25 traffic very efficiently by targeting only specific small portions of frames to jam and turning off its transmitter at other times... It is therefore unnecessary for an adversary to jam the entire transmitted data stream in order to prevent a receiver from receiving it. It is sufficient for an attacker to prevent the reception merely of those portions of a frame that are needed for the receiver to make sense of the rest of the frame. Unfortunately, the P25 frame encoding makes it particularly easy and efficient for a jammer to attack these subfields in isolation."

    Oops: A sophisticated digital RF transmission mechanism substantially more vulnerable to jamming than analog narrowband...
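    The selective-jamming argument quoted from the paper can be made concrete with a small simulation. This is an added toy model, not code from the paper or from anyone in this thread. The frame geometry it uses (9600 bit/s channel, 48-bit frame sync, 64-bit NID, 1728-bit logical data unit) follows the P25 Phase 1 Common Air Interface; the receiver's error tolerances and the "jammer noise overwrites the symbol" model are simplifying assumptions made for the demonstration. It compares a jammer that keys continuously, one that transmits only while the cleartext NID is on the air, and one that spends the same tiny duty cycle on voice bits instead, and it reports both the fraction of frames the receiver can still use and the jammer's air time relative to continuous jamming (at equal instantaneous power, energy scales with duty cycle). The payload is never inspected, so an encrypted payload behaves exactly like a clear one, which is why encryption does not help here.

```python
"""Toy model of selective jamming against a P25 Phase 1 voice stream.

Constructed example, not code from the paper or the thread.  Frame geometry
(9600 bit/s, 48-bit frame sync, 64-bit NID, 1728-bit LDU) follows the P25
Common Air Interface; the receiver thresholds and the jammer's noise model
are simplifying assumptions made for this demonstration.
"""
import random

BIT_RATE = 9600        # P25 Phase 1 C4FM channel bit rate
FS_BITS = 48           # frame sync, always sent in the clear
NID_BITS = 64          # network ID (16-bit NAC + 4-bit DUID + BCH parity), in the clear
LDU_BITS = 1728        # one logical data unit, about 180 ms of voice
PAYLOAD_BITS = LDU_BITS - FS_BITS - NID_BITS
FS_TOLERANCE = 4       # assumed: sync correlator accepts up to 4 bit errors
NID_CORRECTABLE = 11   # assumed: the NID's BCH code corrects up to 11 bit errors


def ms(bits):
    """Air time in milliseconds for a run of bits at the P25 channel rate."""
    return 1000.0 * bits / BIT_RATE


# Jammer strategies: given a frame index, return the bit windows [start, end)
# of that frame during which the jammer keys its transmitter.
def continuous(frame_idx):
    return [(0, LDU_BITS)]


def nid_only(frame_idx):
    # Transmit only while the 64-bit NID is on the air.
    return [(FS_BITS, FS_BITS + NID_BITS)]


def payload_burst(frame_idx):
    # Same duty cycle as nid_only, but the burst lands on voice bits instead.
    return [(LDU_BITS - NID_BITS, LDU_BITS)]


def receiver_accepts(frame, fs_pattern, nid_pattern):
    """Simplified receiver: a frame is usable only if frame sync is found and
    the NID decodes; corrupted voice bits merely degrade the audio."""
    fs_errors = sum(a != b for a, b in zip(frame[:FS_BITS], fs_pattern))
    nid = frame[FS_BITS:FS_BITS + NID_BITS]
    nid_errors = sum(a != b for a, b in zip(nid, nid_pattern))
    return fs_errors <= FS_TOLERANCE and nid_errors <= NID_CORRECTABLE


def simulate(strategy, n_frames=200, seed=7):
    """Push n_frames LDUs past the jammer; report what the receiver could use
    and how much air time the jammer needed.  The jammer only ever touches the
    cleartext framing, so an encrypted payload is modelled like a clear one."""
    rng = random.Random(seed)
    fs_pattern = [rng.randrange(2) for _ in range(FS_BITS)]
    nid_pattern = [rng.randrange(2) for _ in range(NID_BITS)]
    delivered = 0
    jammed_bits = 0
    for idx in range(n_frames):
        frame = fs_pattern + nid_pattern + [rng.randrange(2) for _ in range(PAYLOAD_BITS)]
        for start, end in strategy(idx):
            for i in range(start, end):
                frame[i] = rng.randrange(2)  # assumed: jammer's noise dominates the symbol
            jammed_bits += end - start
        if receiver_accepts(frame, fs_pattern, nid_pattern):
            delivered += 1
    duty_cycle = jammed_bits / (n_frames * LDU_BITS)
    return {
        "delivered": delivered / n_frames,    # fraction of frames the receiver could use
        "duty_cycle": duty_cycle,             # fraction of air time the jammer transmits
        "energy_vs_continuous": duty_cycle,   # equal instantaneous power, so energy tracks duty cycle
    }


if __name__ == "__main__":
    for name, strategy in [("continuous", continuous), ("nid_only", nid_only),
                           ("payload_burst", payload_burst)]:
        r = simulate(strategy)
        print(f"{name:14s} delivered={r['delivered']:.2f} duty_cycle={r['duty_cycle']:.4f}")
    print(f"NID window: {ms(NID_BITS):.2f} ms of every {ms(LDU_BITS):.0f} ms frame")
```

    Running it shows the asymmetry the paper describes: the NID-only jammer keys for 64 of every 1728 bits (about 3.7% of the air time, roughly 6.7 ms per 180 ms frame) and the receiver recovers no frames, while a jammer spending the same energy on voice bits leaves every frame usable. The real paper's receiver and jammer are more detailed than this; the point the model preserves is that the attack cost is set by the smallest cleartext field the receiver cannot do without, not by the payload.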

  2. Re:Not everything is encrypted by geekoid · · Score: 4, Insightful

    Because we want to minimize the amount of chatter that goes on behind closed doors?
    Your 'sane' default leads to fewer checks and balances. No thanks. OTOH, very few criminals would actually know or do anything about this.

    --
    Dunning-Kruger explains most posts on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect

  3. Re:Not everything is encrypted by fuzzyfuzzyfungus · · Score: 5, Insightful

    Apparently, aside from user interface failings, the system is based on manual keyfill and pre-shared keys...

    And I'm not talking "Man, I hate trusting CA certs" pre-shared keys, I'm talking "Apparently, news of asymmetric key cryptography hasn't made it to P25 land yet, and we have no option but to talk in the clear unless everybody we are talking to has been keyfilled ahead of time. Oh, also, none of our radios provide any warning when receiving a cleartext signal, they just decode and play exactly the same as if it were encrypted... We are deliberately ignoring everything that has been learned about maintaining encrypted channels under real world conditions here, apparently!"

  4. Re:Not everything is encrypted by Obfuscant · · Score: 4, Insightful

    Why shouldn't essentially everything be encrypted? That sounds like the sane default to me.

    Because encryption requires management of encryption keys, which require security clearances for people who go around loading keys in radios and need to store keys locally.

    It creates a terrible headache for backup radio systems and radio caches. I.e., the feds have several large storage areas for equipment that is needed in a disaster but wouldn't get much use otherwise. Someone would need to keep all those radios keyed up to date if everything was encrypted. Also, the radios need better security if they are encrypted. I manage a stack of about two dozen radios -- it would be a real PITA if I had to get a clearance so I could go rekey them once a week.

    For CAP (Civil Air Patrol), they are getting/have gotten encryption capable radios. Out here, there is nobody with a clearance to manage the keys and keying of radios. It also shuts out personally owned equipment use, and mostly there isn't much that needs to be encrypted in the first place. CAP is getting this capability because they sometimes in some areas support fed agencies that want encrypted traffic. (The aircraft radios won't do it, anyway.)

    And finally, encryption really puts the nail in the coffin of the idea of "interoperability"; that is, different agencies being able to communicate with each other when they need to. E.g., a major forest fire needs people from many agencies and different fire departments to fight it. They all show up with their own radio equipment. Interop means they all have standard channels (VTAC, VCALL, UTAC, etc.) (look up "NIFOG" in Google for the field guide that defines this all) and can talk to each other as soon as they arrive. Encryption means those who have encryptable radios have to get the right keys installed before they can do anything, and those without encryptable radios don't talk to anyone.

    And really, finally, encryption does NOTHING to prevent the issues of jamming and interference. The only people who haven't figured out that P25 digital systems have nowhere near the coverage of the old analog wideband systems are the radio manufacturers making billions selling the new P25 whiz-bang radios. We did a simple test out here (somewhere on the west coast) comparing P25 to analog narrowband, and P25 would fail where analog narrowband worked fine. One company (with the initials "M") came out here and proposed a trunked digital system to replace all the local public service systems, and they wound up with about thirty radio sites to provide the same coverage that we are getting with a dozen. Just doesn't work as well, and that's personal experience.