The portable radios used by many federal law enforcement agents have major security flaws that allowed researchers to intercept hundreds of hours of sensitive traffic sent without encryption over the past two years, according to a new study being released today.
While studying the technology, researchers from the University of Pennsylvania overheard conversations that included descriptions of undercover agents and confidential informants, plans for forthcoming arrests and information on the technology used in surveillance operations.
“We monitored sensitive transmissions about operations by agents in every Federal law enforcement agency in the Department of Justice and the Department of Homeland Security,” wrote the researchers, who were led by computer science professor Matt Blaze and plan to reveal their findings Wednesday in a paper at the Usenix Security Symposium in San Francisco.
Their research also shows that the radios can be effectively jammed using a pink electronic child’s toy and that the standard used by the radios “provides a convenient means for an attacker” to continuously track the location of a radio’s user.
The authors say they are extremely concerned about the security lapses found in the radios, which are used by the FBI and Homeland Security as well as state and local law enforcement. “We strongly urge that a high priority be placed” on a “substantial top-to-bottom redesign” of the system, dubbed P25, they write.
Members of the research group say they have contacted the Department of Justice, Homeland Security and other agencies. The group has created a website with information law enforcement groups can use to help mitigate the problems. A paper published last year also warned about security weaknesses in the radios.
The FBI did not immediately have a comment about the group’s findings. The Association of Public-Safety Communications Officials, which coordinates the technology used in the radios, did not immediately respond to a request for comment.
The problems with the handheld or in-car radios range from the technologically complex to the unbelievably simple.
One of the difficulties: The switches and indicators on the radios may be easy to miss and may not make it clear that transmission is being sent in an unencrypted way. Sometimes, researchers found, law enforcement agents were broadcasting their messages to outsiders but believed they were operating in encrypted mode. “In some cases, this involved one user explaining to another how to set the radio to encrypted mode, but actually described the procedure for setting it to clear mode,” the researchers reported.
Another problem: The messages sent over the radios are sent in segments, and blocking just some of these segments can result in the entire message being jammed. With other systems, jammers have to expend a lot of power to block communications, but the P25 radios allow jamming at relatively low power, enabling the researchers to prevent reception using a $30 toy pager designed for pre-teens.
In studying the transmissions themselves, the researchers used $1,000 receivers marketed to radio hobbyists and operated in two metropolitan areas, which the study’s authors would not disclose.
The paper, called “Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System,” was co-authored by Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman and Kevin Xu.
Thursday, August 11, 2011
Praxis: Security Flaws in Feds’ Radios Make for Easy Eavesdropping
Now isn't this interesting?