Feds' Radios Have Significant Security Flaws 84
OverTheGeicoE writes "The Wall Street Journal has a story describing how the portable radios used by many federal law enforcement agents have major security flaws that allow for easy eavesdropping and jamming. Details are in a new study being released today (PDF). The authors of the study were able to intercept hundreds of hours of sensitive traffic inadvertently sent without encryption over the past two years. They also describe how a texting toy targeted at teenage girls can be modified to jam transmissions from the affected radios, either encrypted or not."
Re:You know what this means, don't you? (Score:4, Insightful)
She is fighting Homeland security, clearly she has NOT gone evil.
Re:Not everything is encrypted (Score:5, Insightful)
Because we want to minimize the amount of chatter that goes on behind closed doors?
You're 'sane' default leads to less checks and balances. No thanks. OTOH, very few criminal would actually know or do anything about this.
Police radios are often not encrypted (Score:4, Insightful)
And it is legal to listen in on them. Google for "police scanner".
Now I could see reasons why the FBI might have encrypted radios, but then again they also might decide such a thing isn't necessary, or that they should be selectable.
Either way, the idea of unencrypted police radio isn't surprising, it is the norm. That may change, but for now in most places a cheap scanner is all you need to listen to police radio, if you wish to do so.
Re:Not everything is encrypted (Score:5, Insightful)
And I'm not talking "Man, I hate trusting CA certs" pre-shared keys, I'm talking "Apparently, news of assymetric key cryptography hasn't made it to P25 land yet, and we have no option but to talk in the clear unless everybody we are talking to has been keyfilled ahead of time. Oh, also, none of our radios provide any warning when receiving a cleartext signal, they just decode and play exactly the same as if it were encrypted... We are deliberately ignoring everything that has been learned about maintaining encrypted channels under real world conditions here, apparently!"
Re:Not everything is encrypted (Score:5, Insightful)
Why shouldn't essentially everything be encrypted? That sounds like the sane default to me.
Because encryption requires management of encryption keys, which require security clearances for people who go around loading keys in radios and need to store keys locally.
It creates a terrible headache for backup radio systems and radio caches. I.e., the feds have several large storage areas for equipment that is needed in a disaster but wouldn't get much use otherwise. Someone would need to keep all those radios keyed up to date if everything was encrypted. Also, the radios need better security if they are encrypted. I manage a stack of about two dozen radios -- it would be a real PITA if I had to get a clearance so I could go rekey them once a week.
For CAP (Civil Air Patrol), they are getting/have gotten encryption capable radios. Out here, there is nobody with a clearance to manage the keys and keying of radios. It also shuts out personally owned equipment use, and mostly there isn't much that needs to be encrypted in the first place. CAP is getting this capability because they sometimes in some areas support fed agencies that want encrypted traffic. (The aircraft radios won't do it, anyway.)
And finally, encryption really puts the nail in the coffin of the idea of "interoperability"; that is, different agencies being able to communicate with each other when they need to. E.g., a major forest fire needs people from many agencies and different fire departments to fight it. They all show up with their own radio equipment. Interop means they all have standard channels (VTAC, VCALL, UTAC, etc) (look up "NIFOG" in google for the field guide that defines this all) and can talk to each other as soon as they arrive. Encryption means those who have encryptable radios have to get the right keys installed before they can do anything, and those without encryptionable radios don't talk to anyone.
And really, finally, encryption does NOTHING to prevent the issues of jamming and interference. The only people who haven't figured out that P25 digital systems have nowhere near the coverage as the old analog wideband systems are the radio manufacturers making billions selling the new P25 whiz-bang radios. We did a simple test out here (somewhere on the west coast) comparing P25 to analog narrowband, and P25 would fail where analog narrowband woked fine. One company (with the intials "M") came out here and proposed a trunked digital system to replace all the local public service systems, and they wound up with about thirty radio sites to provide the same coverage that we are getting with a dozen. Just doesn't work as well, and that's personal experience.