Children's Toy is found capable of Jamming P25

Status
Not open for further replies.

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
6,880
Location
N.E. Kansas
The article makes absolutely no sense. They say it can intercept something but do not say what it is exactly. There is nothing that can be obtained beyond what is already available with a digital scanner. So what is it they are claiming to have attained or achieved except a complaint that agencies are forgetting to encrypt?
 

northscan23

Member
Joined
Apr 2, 2011
Messages
89
I assume they mean "jamming" in terms of interfering with digital radio systems, not decoding encryption?
 

rdale

Completely Banned for the Greater Good
Premium Subscriber
Joined
Feb 3, 2001
Messages
11,380
Location
Lansing, MI
This article was written by someone with no idea about what he was writing... If anyone can find the actual paper that might fit things better.
 

OCO

Member
Joined
Jul 17, 2011
Messages
928
Location
Central Michigan
I read the original UoP article from last November and scanned the new ones that mtnBiker2005 just provided. My first reaction was that those that have always wanted to interfere with any communications system could do so if they could afford it (in other words it took extensive knowledge and $$ to implement anything beyond brute force attacks, which limited who was going to do it to the really bad guys). Now, in the case of P25 systems, somebody's tax dollars have paid to have a group of highly talented individuals develop sophisticated attacks, develop the hardware to do it and no doubt in the end will release the "how to's" to the P25 hacker version of "script kiddies". It will be interesting to see if APCO and the manufacturers reply to this and if they do, what their response to the supposed weaknesses in the encryption protocol will be. At any rate, good reading for anyone interested in the P25 protocol.....(IMHO)

There are reminders in the articles of the use of hobbyist equipment to analyze the systems....

JackJ: It reminds me of my complaint about the DTV conversion that my friends couldn't understand - there's no graceful degradation. If I'm watching severe weather warnings, I'd rather see a snowy picture than pixelation accompanied by squealing audio..
 

blaze

Member
Premium Subscriber
Joined
Sep 19, 2008
Messages
225
Hi,

My research group did the work cited in the article, which we will be presenting this afternoon at the Usenix Security conference in San Francisco.

I'd encourage those interested to read our paper rather than speculate. You can find the full paper at http://www.crypto.com/papers/p25sec.pdf (pdf format)

We also developed a number of mitigation strategies that will help avoid the unintended cleartext problems that we identified. You can find that at P25 Security Mitigation Guide

Best

-matt
 

OCO

Member
Joined
Jul 17, 2011
Messages
928
Location
Central Michigan
Blaze:
1: Who funded the project - were there any radio manufacturers involved? Where did the idea for the project come from?
2: Is it the intention of the group to provide detailed instructions on how to duplicate your jamming techniques?
 

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
6,880
Location
N.E. Kansas
The whole article boils down to a relatively sophisticated data injection can cause a target radio to repeat a packet transmission which might be useful for direction finding. (ooohkay... Seems like a long shot but whatever), and secondly, P25 radios are user intensive. That coupled with the fact encrypted audio sounds the same as clear traffic there is a tendency for users to accidentally select clear mode and not realize it. The suggested fix is to strap all units to secure only.

It's an interesting read for the technical content but definitely offers no real revelations.
 

OCO

Member
Joined
Jul 17, 2011
Messages
928
Location
Central Michigan
But it makes good headlines.....I guess you'd have to be pretty cynical to note that Pennsylvania Starnet is OpenSky which could benefit from having all eyes averted towards somebody else's "issues".. <hmmmm>
 

Dude111

An Awesome Dude
Joined
Aug 8, 2009
Messages
446
mancow said:
The article makes absolutely no sense.
No and if it really does cause HARMFUL INTERFERENCE to digital systems, WHY DID THEY BOTHER TO TELL THE WORLD??

Pretty stupid!!!!
 

KE4ZNR

Radio Geek
Premium Subscriber
Joined
Jan 21, 2002
Messages
7,262
Location
Raleigh, NC
But it makes good headlines.....I guess you'd have to be pretty cynical to note that Pennsylvania Starnet is OpenSky which could benefit from having all eyes averted towards somebody else's "issues".. <hmmmm>

I would hope and want to believe (knowing his past and appreciating his other contributions to technology in general) that Professor Blaze is above "shilling" for Harris/Opensky by trying to "demonize the competition" in a research paper.
Shame on CNET for making it sound like you could purchase one of these kid messaging devices and use it off the shelf to shut down your local entire Omnilink system. :roll:
I guess CNET really is hurting for ad views on their "news" site these days.
I appreciate all of the research that Professor Blaze has done in the technology field in the past and I hope he can help clear up questions others ask above.
Marshall KE4ZNR
 

blaze

Member
Premium Subscriber
Joined
Sep 19, 2008
Messages
225
I find some of the questions here rather baffling. I've never heard of Pennsylvania Starnet, and I have no association with it, nor with Harris (or any other vendor, for that matter).

I guess the best I can suggest is to read our paper and our mitigation guide. We tried to make them as clear as we could. The paper is at http://www.crypto.com/papers/p25sec.pdf (in pdf format), and the guide is at P25 Security Mitigation Guide (html).

To answer the one question I understood. Our work was done as part of a fundamental research project examining the security of open wireless communications. It was funded by the National Science Foundation (as I believe our paper mentions, on page 16). The initial idea to explore the security and crypto usability of the P25 protocols and implementations was mine.
 

KE4ZNR

Radio Geek
Premium Subscriber
Joined
Jan 21, 2002
Messages
7,262
Location
Raleigh, NC
Thanks for clearing up those questions Professor and I hope you understand that transparency just helps quell the "who benefits from this study?" line of questioning.
As I mentioned above, I am familiar with other work you have done and have always found your research to be fair and accurate. :)
Thanks for being a part of our small (but vocal as you found out :D) community and thanks for your continued contributions in the technology universe.
Happy Monitoring
Marshall KE4ZNR

 

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
6,880
Location
N.E. Kansas
It's not that we are trying to bust your balls. Your research is interesting and you did quite a bit of work. However, this is a hobby forum and we tend to get a little edgy when warnings are sounded. What I think many are concerned about is the trend toward total encryption. It's bad enough as it is now and the Government is already starting to gin up support for some UK style nationwide broadband first responder network. Many of us have been monitoring for many years and many of us use these systems in our daily jobs. We know the limitations and weaknesses. We realize there are weaknesses in any system but we fear that studies like this will be used as ammo by corporations similar to the cellular industry to lobby brain dead law makers. We don't need project 26, 27 or whatever pushing everyone to some bizarre totally encrypted spread spectrum cellular type network. It might be secure from everyone but the NSA but is it really needed, and at what cost?

Right now the DEA in my area is still wide band analog and 100% in the clear. If any agency in the Nation could make a case for some sort of stealth system you would think it would be them but they aren't having any difficulty getting doors kicked. They have Securenet available to them but it sounds like hell, shortens useful range and is a nightmare to manage the keys in old key volatile Sabers. However, they use their heads, they work smart and deal with it. In contrast to that there is a relatively tiny agency to my South that is 100% encrypted on the State P25 system. People suggest that interoperability can be achieved by loaning radios with keys or sharing keys among agencies. It doesn't work. Everyone wants to be king of their own little fiefdom. The result is a Trooper not being able to hear a car stop gone wrong literally a mile away while patrolling the area around or within that small agency. He must rely on some dispatcher that may or might not be properly trained to think about relaying the information because some bureaucrat doesn't want anyone else to have the keys to his system.

We don't need to spook the masses any more. It seems like we are living in a society half paralyzed from fear of things that MIGHT be a threat while ignoring the issues that actually are.

There is nothing wrong with examining security issues. Nobody can argue that. But a headline that basically shouts that the Government's most closely held information is somehow being threatened by a child's toy is far out and uncalled for. The article reads like it was written by someone that never saw a radio in his life. You have to dig into the actual paper to understand the real issue and who really will do that? We have law makers that won't read legislation right now that costs us 2 Trillion plus. Will they really care whether or not there is an actual viable threat here?
 

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
6,880
Location
N.E. Kansas
They are kind of saying that while saying both analog and P25 are more vulnerable than a spread spectrum system with all the information obscured not just the voice packets.

Fancy toys have fancy price tags and analog no longer generates sales of multi-hundred-million dollar systems. In the end you have to follow the money.

Are they saying that digital isn't as robust as analog? hmmm....imagine that!!!
 