P25 Security Weaknesses VIDEO

ntnahed (Member; joined Jan 25, 2004; 56 messages; location: Austin, Texas. Actually born here!)
I read DJX's thread with great interest, and I'd just like to mention that the subject is P25, not trunking or DES... One of the points made in this vid is that it IS possible to jam encrypted P25 transmissions, forcing users to transmit in the clear, thus making encryption moot. Denial of Service attacks have also proven feasible. As in, it's been done.

This is a VERY interesting video of a powerpoint presentation by Matt Blaze at the 20th USENIX Security Symposium (USENIX Security '11), held August 8--12, 2011, in San Francisco, CA. Blaze is one of the Penn U team who wrote the paper on P25 Security Weaknesses that was posted in this forum by DJX.

A Security Analysis of the APCO Project 25 Two-Way Radio System - YouTube

"Abstract: We found a number of protocol, implementation, and user interface weaknesses that routinely leak information to a passive eavesdropper or that permit highly efficient and difficult to detect active attacks. We introduce new selective subframe jamming attacks against P25, in which an active attacker with very modest resources can prevent specific kinds of traffic (such as encrypted messages) from being received, while emitting only a small fraction of the aggregate power of the legitimate transmitter. We also found that even the passive attacks represent a serious practical threat."

Apparently, P25 is not nearly as secure as it was advertised to be. This vid covers jamming by forcing users to transmit in the clear by garbling encrypted traffic and denial of service attacks using the GirlTech IM-ME toy instant messenger priced at $15. There's a unicorn on the box...
To quote Blaze,
" We developed our own P25 jamming firmware... It turns out to work ENTIRELY EFFECTIVELY."
(14:45 on the vid)

Using one of these:
Amazon.com: Radica IM Me Wireless Handheld Device: Toys & Games

And, BTW, instructions for re-flashing the toy are already on the 'net:

Travis Goodspeed's Blog: IM ME GoodFET Wiring Tutorial

So - A girl's toy, linear amp and some basic computer skills can jam an entire P25 system? This kind of reminds me of the stories about the Serbs in Yugoslavia using modified microwave ovens to trick NATO aircraft into firing $100,000 anti-radar missiles at phony anti-aircraft sites...

greenthumb (Colorado DB Administrator, Database Admin; joined Feb 29, 2004; 1,942 messages)
I don't know that P25 was ever advertised to be a secure protocol. If you use 256 bit AES, that will secure your voice transmissions from being decoded. Nothing about AES or P25 has ever been touted as the all-encompassing end-all for public safety two-way wireless communications security. Any RF protocol (including analog) is subject to DoS via jamming. On the subject of jamming - what is described is more of a social engineering attack since they are jamming the encrypted communications, but not the communications in the clear. Thus, when the users try to switch to clear mode to see if the digital transmissions go away and they do, the result is that the uneducated user took the action because they were tricked.

kb0uxv (Member; joined Oct 22, 2009; 230 messages; location: Minnesota)
Great, now people can start messing with P25 systems like the old analog ones.

Our old VHF system was plagued by a man who would break in on calls, play music on our main, swear on the radio, etc. My guess is he modded a ham radio or programmed a commercial radio with the info on this website. Maybe if he reads this thread he will figure out how to mess with our TRS.

My opinion: posting info on how to interfere with P25 systems, break DES-OFB, make system keys and put a radio on a TRS, etc in public forums is irresponsible. This is good info to know about, for people in the industry, but does it need to be in the clear?

krokus (Member, Premium Subscriber; joined Jun 9, 2006; 6,116 messages; location: Southeastern Michigan)

Knowledge is a tool. Any tool can be put to nefarious use.

com501 (Member; joined Sep 28, 2003; 1,615 messages; location: 127.0.0.1)
How to build a nuclear weapon is on the 'net too, but not many people build them (we hope).

Information is what the Internet was built for. How you use it is your moral dilemma....