ntnahed
Member
I read DJX's thread with great interest, and I'd just like to mention that the subject is P25, not trunking or DES... One of the points made in this vid is that it IS possible to jam encrypted P25 transmissions, forcing users to transmit in the clear, thus making encryption moot. Denial of Service attacks have also proven feasible. As in, it's been done.
This is a VERY interesting video of a PowerPoint presentation by Matt Blaze at the 20th USENIX Security Symposium (USENIX Security '11), held August 8-12, 2011, in San Francisco, CA. Blaze is one of the Penn U team who wrote the paper on P25 Security Weaknesses that was posted in this forum by DJX.
A Security Analysis of the APCO Project 25 Two-Way Radio System - YouTube
"Abstract: We found a number of protocol, implementation, and user interface weaknesses that routinely leak information to a passive eavesdropper or that permit highly efficient and difficult to detect active attacks. We introduce new selective subframe jamming attacks against P25, in which an active attacker with very modest resources can prevent specific kinds of traffic (such as encrypted messages) from being received, while emitting only a small fraction of the aggregate power of the legitimate transmitter. We also found that even the passive attacks represent a serious practical threat."
Apparently, P25 is not nearly as secure as it was advertised to be. This vid covers jamming by forcing users to transmit in the clear by garbling encrypted traffic and denial of service attacks using the Girltech IMME toy instant messenger priced at $15. There's a unicorn on the box...
To quote Blaze,
"We developed our own P25 jamming firmware... It turns out to work ENTIRELY EFFECTIVELY."
(14:45 on the vid)
Using one of these:
Amazon.com: Radica IM Me Wireless Handheld Device: Toys & Games
And, BTW, instructions for re-flashing the toy are already on the 'net:
Travis Goodspeed's Blog: IM ME GoodFET Wiring Tutorial
So - A girl's toy, linear amp and some basic computer skills can jam an entire P25 system? This kind of reminds me of the stories about the Serbs in Yugoslavia using modified microwave ovens to trick NATO aircraft into firing $100,000 anti-radar missiles at phony anti-aircraft sites...