Slashdot – 09/09/2011
Two Australian security researchers, Stephen Glass and Matt Robert, have published a paper that details flaws in the encryption implementation (PDF) in the APCO Project 25 digital radio standard, used by emergency services and police departments world-wide. The paper details flaws in the DES-OFB and ADP encryption that enable the encryption key to be recovered by traditional brute force key searching. Also detailed is a Denial of Service (DoS) attack that makes use of an unauthenticated radio inhibit mechanism. The research is part of the OP25 project, which uses GNUradio to implement a P25 stack using software defined radio. With this solution in place, the researchers were able to do detailed analysis of the traffic coming from various radio systems and to transmit and receive to P25 radios in their lab.
Insecurity in Public Safety Communications APCO Project 25
Full article from the Fort Worth Star-Telegram:
"Their lifelines have become Facebook; websites with pages dedicated to the fires; and live public safety audio feeds on sites such as RadioReference.com. Late Monday afternoon, more than 600 people were listening to the Palo Pinto County Sheriff's Department scanner through RadioReference.com, making it the site's most popular feed in the country."
Monitoring public safety radio systems like that of the Palo Pinto Sheriff's Office has become vital for the protection of lives and aids the decision-making process of persons threatened by this disastrous situation.
Nevertheless, police in my home town of McKinney, Texas, encrypt all routine calls, blocking out the citizens and news media. Scrambling narcotics, tactical, and investigations makes perfect sense.
Scrambling everything smacks of a "secret police" which is very much out of place in a free and democratic society like America.
According to McKinney police Deputy Chief Scott Brewer in a recent newspaper article:
"...so it's much clearer," Brewer said. "It has increased versatility including the ability to filter out some ambient noise..."
Has he even listened to P25 digital radio? Listen to the sound quality in the following video and decide for yourself if what Brewer is saying is true.
It is very susceptible to background noise and voices sound "robotic". P25 is so susceptible to background noise that fire departments nationwide have safety concerns while on duty.
"We have the option when we're out there transmitting for our officers to select a channel to be encrypted," Brewer said, "when we go into those operations or situations where it's in the best interest of all the stakeholders involved to use the encrypted function."
This is patently untrue. ALL police radio traffic is encrypted. Not just "a channel to be encrypted".
The majority of the "stakeholders", i.e. the citizens of McKinney, the media, and taxpayers, have been blocked out.
McKinney police Deputy Chief Scott Brewer said dispatchers made the switch to the new system at the end of February.
"Everyone's voice is transmitted in a digital voice, so it's much clearer," Brewer said. "It has increased versatility including the ability to filter out some ambient noise and overall, this is the radio technology that is progressing forward in this digital age and where the technology is leading to, so one of the biggest pros is that the city stays progressive and stays up to date on the latest radio technology for communication."
The new radio system also gives public safety personnel the option of blocking their transmission by encrypting the signal to outside radio traffic, Brewer said.
According to the stories about the controversial Orlando, Florida P25 radio project, the city of 185,000 people spent $6.2 million for a system-wide upgrade. Was McKinney, population 131,000, taken advantage of in terms of pricing? As stated in the news story, Orlando saved taxpayers by buying sooner rather than later. So it would seem.
That's a drastic jump in a year's time.
Meanwhile the City is in the midst of a financial crisis with overtime limitations, hiring freezes, and projected budgetary shortfalls.
McKinney BF4 Verbiage - Motorola Radio System Project 25
By RACHAEL GRAY
Citizens with older model scanners in their homes may have noticed a dead silence late in 2009 when the Federal Communications Commission mandated an upgrade in standards.
Thanks to Support Services Director Kathy McGaughey of the Garden City Police Department, local emergency response teams hardly missed a beat when McGaughey researched options and helped ease the transition into a new radio system.
In order to listen to the new frequencies, people would have had to buy scanners that range in the $500 range, or try their luck with Internet broadcast frequencies. But now, even with those two tools, police department traffic no longer can be heard because of software installed on the radios that encrypts, or scrambles, the messages to the outside world.
Garden City police Sgt. Michael Reagle said when the radio systems were first changed over, department officials didn't know they had the option to encrypt. He said when the software was presented to make it possible, the department made the decision to scramble the signals.
He said the cost of the encryption program was part of the overall cost of installing the new radio system, but the department did have to purchase encryption for some radios that did not come with it.
He said for the 43 radios that did not come with encryption, the department spent $2,795, about $65 for each radio.
He said the main factors weighing into the decision to encrypt were the safety of the officers and the ability to catch criminals.
"The primary factor is the safety of the officers. Basically, it boils down to officers can now respond and coordinate efforts for certain incidents, and everyone doesn't hear it," he said.
He said encrypting police scanner traffic also can aid in catching criminals, who may have access to scanners during crimes in progress, such as burglaries.
"Scanner traffic is available online now, and there are even applications for smart phones," he said.
The population was 38,967 at the 2000 census; the Greater Findlay Area was at 45,284.
City police are planning on keeping their live radio communications a secret. When Findlay joins the state's Multi-Agency Radio Communications System, likely within the next month, the police department plans to encrypt radio communications of "everyday operations" so they can't be understood on radio scanners. It's an effort to improve officer safety and to prevent criminals from using scanners to avoid arrest, according to Sgt. Randy Digby of the Findlay Police Department. "Everyone in 'scannerland' hears everything," said Findlay Safety Director Jim Barker. "A couple of investigations have been compromised because of people knowing what the police department is doing."