Homes raided, stolen police radio data put officers at risk

Status
Not open for further replies.

TailGator911

Silent Key/KF4ANC
Joined
Feb 12, 2005
Messages
2,687
Location
Fairborn, OH
When they refer to the 'key' in the article, is it the encryption key or is there an overall programming key proprietary to each Motorola radio in the system? Regardless, I am glad they are making progress in the investigation. Bad guys with scanners and scanner cell phone apps are bad enough, but bad guys with stolen police radios are the worst.

JD
kf4anc
 
Joined
Mar 2, 2005
Messages
1,915
Location
parma,ohio
When they refer to the 'key' in the article, is it the encryption key or is there an overall programming key proprietary to each Motorola radio in the system? Regardless, I am glad they are making progress in the investigation. Bad guys with scanners and scanner cell phone apps are bad enough, but bad guys with stolen police radios are the worst.

JD
kf4anc

The way I read it, maybe both the system key and encryption keys, who knows.
 

Giddyuptd

Member
Premium Subscriber
Joined
Oct 6, 2018
Messages
1,307
Location
Here and there
Not encryption. System keys and data. Sounds like radios were cloned or the data was entered from a copied template and they used valid system IDs.

They said the radios were stolen but are we sure? Is it auction radios from surplus, or in fact stolen?

Nonetheless it's going to be interesting to see if they were all actually affiliating or passive and improperly programmed.

If so this will be a big eye opener for those passively monitoring.

It isn't encryption. Only way is the KVL itself had to have been stolen or one of them assigned for that entity.

If the KVL had gone missing you'd think admin would say hey, it's gone, and reprogram the fleet in an emergency type condition until the issue was resolved.

This should be an eye opener for those reading and writing radios that belong to a department and government entity.

Even if it's conventional systems, you reading the data is now a computer crime. Your personal device also becomes fully subject to FOIA and records in your state and can be seized to determine or copy data. Just a warning for those thinking they can read away even in conventional. The data is where in conventional computer crimes will fall, TRS it'll be both.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,881
Location
Roaming the Intermountain West
The article was written by a journalist, not a radio tech.
The journalist got the information from a police officer, not a radio tech.

So, take the wording with a pound of salt.

Encryption Keys cannot be removed from the radio.
The radio ID and programming file were likely read from the radio and duplicated.

In other words, a fault with many trunking systems.

ESN validation would fix this.
Read and Read/Write passwords on the radios would fix this.
 

Giddyuptd

Member
Premium Subscriber
Joined
Oct 6, 2018
Messages
1,307
Location
Here and there
The article was written by a journalist, not a radio tech.
The journalist got the information from a police officer, not a radio tech.

So, take the wording with a pound of salt.

Encryption Keys cannot be removed from the radio.
The radio ID and programming file were likely read from the radio and duplicated.

In other words, a fault with many trunking systems.

ESN validation would fix this.
Read and Read/Write passwords on the radios would fix this.

Exactly. It kills me to see nobody locking their plugs down or having any type of validation when it can be used.

I'm willing to bet they used the infamous keyGen thing, after copying data from units or a unit that was turned into a shop of sorts, then someone got the idea to read it or several.

If they were stolen, question is where did they come from, and did they read those and clone data or have surplus bought radios and load the same data in from the stolen.

It'll be interesting to hear the full details on this.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,881
Location
Roaming the Intermountain West
There's a lot of failures with the current systems.
A combination of vendors, APCO and the system administrators are all to blame.


I'm running a Kenwood NexEdge trunked system along with my other systems. The NexEdge protocol does ESN validation. The radio ESN (hard coded at the factory) must match the radio ID in the system or it won't work. No TX, No RX, no nothing.

Radios also have read, write and read/write passwords. (unfortunately someone leaked the engineer software key that can defeat this, but the thought was there).

Not that any of this won't eventually be hacked, but it's better than a lot of the crappy systems that are out there.

Not surprising this happened, and surprised it doesn't happen more often. Would be interesting to be a fly on the wall when the system administrators have to answer for this.
 

crash1

Member
Joined
May 2, 2003
Messages
38
Location
Tampa Area
They make it sound like the radios have been encrypted since the 1930s. There was no officer safety concern there and I never heard of any issues with transmissions in the clear.
 

jerk

Active Member
Joined
Sep 5, 2003
Messages
2,448
Location
jerkville
From the article, it sounds like they cloned a radio, then created more templates from there. Also was "local" though Stark County is moving to MARCS. It is also implied that they could transmit and most law enforcement here is encrypted, again no facts or knowledge. Usually systems these days have some type of auditing software to catch cloned or unauthorized radios on the system, and reading between the lines, it was slow to catch on, but that is how they were caught.
 

mszabo2000

Member
Joined
Oct 25, 2011
Messages
186
Location
Rootstown, Oh
There's a lot of failures with the current systems.
A combination of vendors, APCO and the system administrators are all to blame.


I'm running a Kenwood NexEdge trunked system along with my other systems. The NexEdge protocol does ESN validation. The radio ESN (hard coded at the factory) must match the radio ID in the system or it won't work. No TX, No RX, no nothing.

Radios also have read, write and read/write passwords. (unfortunately someone leaked the engineer software key that can defeat this, but the thought was there).

Not that any of this won't eventually be hacked, but it's better than a lot of the crappy systems that are out there.

Not surprising this happened, and surprised it doesn't happen more often. Would be interesting to be a fly on the wall when the system administrators have to answer for this.

I'm curious, why do you believe the system admins are at fault for illegal activity? If someone breaks into your house are you responsible?

Let's be frank, pirated software to modify radios, program radios, and generate system keys have been available for years on the web. All the information needed to program a radio including radio ID's is available on RR or through monitoring software.

Cloning an active ID will impact the operation of the legal radio and could endanger the life of the user. The takeaway from this is simple, don't clone radios because if you do, you will get caught.



 

ipfd320

Member
Banned
Joined
Jul 30, 2008
Messages
751
Location
W.Babylon N.Y. 11704
What's Funny is there were a few Auctions Not Long Ago on https://www.govdeals.com/index.cfm
with Radio Equipment from Canton Ohio along with a Whole Lot of Assorted Items from Fire / PD and Public Works Stuff

It Wouldn't Surprise Me if Some of those Radios were in Fact Still Intact and the Media is Only Stating that a Cloning was Performed--I'm Leaning More Toward the Public Auction Area Myself

I was Looking A few Nights Ago and there was A Lot of Full Loaded Repeater Cabinets & Radios For Sale
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,881
Location
Roaming the Intermountain West
I'm curious, why do you believe the system admins are at fault for illegal activity? If someone breaks into your house are you responsible?

I didn't say they are fully at fault. They share in the fault. Maintaining control of the system, monitoring for duplicated ID's, etc. are all part of the job. Systems that have been designed/operated without the ability to control access are part of the issue, too. Agencies that buy these complex systems but don't understand how to secure them share in the blame, too.

Any radios that are lost/stolen should be reported to the system administrator and should have their ID's deactivated in the system. All unused radio ID's should be marked inactive.

Let's be frank, pirated software to modify radios, program radios, and generate system keys have been available for years on the web. All the information needed to program a radio including radio ID's is available on RR or through monitoring software.

Yep, and the big companies know this and have (for the most part) failed to do anything about it. Kenwood has improved control over some of their newer softwares.
P25 has its failings, too. APCO should have known this and designed some better controls into their system.

Cloning an active ID will impact the operation of the legal radio and could endanger the life of the user. The takeaway from this is simple, don't clone radios because if you do, you will get caught.

Yet many do, and then they get upset when someone tells them to "just buy a scanner".

I used to have an old SmartNet system. Had a few bootleg radios end up on the system. Turns out it was the local Motorola shop doing it. It was "just easier" to clone existing radios than asking me for a new radio ID. Made rebanding a much harder task when we had radios on the system we were not aware of.
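
Added example (not part of any post in this thread, and not any vendor's software): the controls discussed above, ESN-to-ID binding, deactivated IDs for lost or unused radios, and auditing for duplicated IDs, shown as one check over affiliation events. The provisioning table, event fields, IDs, ESNs, site names and the 120-second window are all constructed assumptions, not a real system's format.

```python
from dataclasses import dataclass

@dataclass
class Registration:
    radio_id: int
    esn: str            # factory serial the system has on file for this ID
    active: bool = True

# Constructed provisioning table (hypothetical IDs and ESNs).
PROVISIONED = {
    7001: Registration(7001, "ESN-A1"),
    7002: Registration(7002, "ESN-B2"),
    7003: Registration(7003, "ESN-C3", active=False),  # reported lost, deactivated
}

# Constructed affiliation events: (seconds, radio_id, esn_presented, site)
EVENTS = [
    (0,   7001, "ESN-A1", "north"),
    (20,  7002, "ESN-ZZ", "north"),  # valid ID presented by different hardware
    (40,  7003, "ESN-C3", "south"),  # deactivated ID tries to affiliate
    (60,  7001, "ESN-A1", "south"),  # same ID on a second site 60 s later
    (900, 7001, "ESN-A1", "east"),   # ordinary roaming, outside the window
    (950, 9999, "ESN-Q9", "east"),   # ID that was never provisioned
]

def audit(events, table, window=120):
    """Return (time, radio_id, reason) for each event to deny or review."""
    findings = []
    last_seen = {}  # radio_id -> (time, site) of the last accepted affiliation
    for t, rid, esn, site in sorted(events):
        reg = table.get(rid)
        if reg is None:
            findings.append((t, rid, "unknown-id"))
            continue
        if not reg.active:
            findings.append((t, rid, "inactive-id"))
            continue
        if esn != reg.esn:
            findings.append((t, rid, "esn-mismatch"))
            continue
        prev = last_seen.get(rid)
        # Heuristic only: one ID on two sites inside the window needs review.
        if prev and prev[1] != site and t - prev[0] < window:
            findings.append((t, rid, "duplicate-id"))
        last_seen[rid] = (t, site)
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS, PROVISIONED):
        print(finding)
```

The duplicate-ID rule is a review trigger rather than proof, since a legitimate radio near a site boundary can change sites quickly.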
 

Nasby

Member
Joined
Apr 4, 2004
Messages
2,636
Location
Ohio

ElroyJetson

I AM NOT YOUR TECH SUPPPORT.
Premium Subscriber
Joined
Sep 8, 2002
Messages
3,703
Location
DO NOT ASK ME FOR HELP PROGRAMMING YOUR RADIO. NO.
Let's not forget that sometimes it's entirely the vendor's fault. Motorola has a feature, and forgive me, I SHOULD know what it's called, maybe personality lock? that when enabled restricts the radio to being read and programmed only from computers that are authorized to program that radio.

I've encountered a lot of XTS3000s that were legitimately sold at a county surplus auction, had this feature, were still programmed, still live on the system, and could NOT be deprogrammed due to that rather poorly conceived feature.

What could be done with those radios? Options were limited.
Send them to the Motorola depot for deprogramming (and remove that feature while you're at it. It's nothing but trouble.) $$$ spent if they'll even do it. They might not. They might consider the radios stolen property and cause trouble. That would require the selling agency to have to jump in and say "Yeah we sold those at auction. But because of this problem we're reclaiming them. We can't have those live radios out in the wild."

Get the radio shop that originally programmed them to wipe them. They may or may not do it. Probably depends on whether or not the system managers understand the problem and are willing to be helpful.

Junk the radios.

Seek alternative means of correcting the problem. Things not spoken of here.

In the case of the radios I encountered, I was very lucky to have established a positive and productive conversation with the radio shop that had programmed them for that county as well as the agency that owned them. I shipped those radios to that shop, they deprogrammed them free of charge, and sent them back to me. It only cost me shipping one way. And that agency improved its radio retirement procedures so that it's less likely to happen in the future. All radios to be retired go thru the radio shop for proper deprogramming and reset to the factory default test codeplug.
 

Stupidfatkid

Member
Joined
Apr 26, 2004
Messages
166
Location
Kansas
What a bunch of meatheads. At the least these guys are going to be poor for the rest of their lives. I can only imagine the fines they'll face. And for what? With what they did they had no more access to listen than a common scanner.
 

Nasby

Member
Joined
Apr 4, 2004
Messages
2,636
Location
Ohio
What a bunch of meatheads. At the least these guys are going to be poor for the rest of their lives. I can only imagine the fines they'll face. And for what? With what they did they had no more access to listen than a common scanner.

Canton PD uses encryption, so with the stolen radios they could hear stuff that a scanner can't.
 

Stupidfatkid

Member
Joined
Apr 26, 2004
Messages
166
Location
Kansas
Canton PD uses encryption, so with the stolen radios they could hear stuff that a scanner can't.

Federal and local authorities raided seven homes Monday, seizing weapons and cloned police radios.

Listening on a stolen radio sure, but how are they listening to encrypted traffic on the cloned radios? I didn't think you could clone an encryption key (i.e. you can't read an encryption key out of a radio). What I took from the article is that someone got a hold of a legit codeplug somehow and then pushed it into a bunch of unauthorized/personally owned radios.
 

IAmSixNine

Member
Feed Provider
Joined
Dec 19, 2002
Messages
2,444
Location
Dallas, TX
Love this comment, "cloning the information and duplicating it onto police radios sold on the black market"
wonder if the writer thinks eBay is a black market.
 