[Noisebridge-discuss] project 25 0wned
Jake
jake at spaz.org
Mon Aug 22 11:53:01 UTC 2011
http://news.cnet.com/8301-31921_3-20090434-281/security-flaw-found-in-feds-digital-radios/?tag=mncol;posts
Security flaw found in feds' digital radios
By: Declan McCullagh AUGUST 9, 2011 11:59 PM PDT
77 comments
Expensive high-tech digital radios used by the FBI, Secret Service, and
Homeland Security are designed so poorly that they can be jammed by a $30
children's toy, CNET has learned.
A GirlTech IMME, Mattel's pink instant-messaging device with a miniature
keyboard that's marketed to pre-teen girls, can be used to disrupt
sensitive radio communications used by every major federal law enforcement
agency, a team of security researchers from the University of Pennsylvania
is planning to announce tomorrow.
Converting the GirlTech gadget into a jammer may be beyond the ability of
a street criminal for now, but that won't last, says associate professor
Matt Blaze, who co-authored the paper that will be presented tomorrow at
the Usenix Security symposium in San Francisco. CNET obtained a copy of
the paper, which will be made publicly available in the afternoon.
"It's going to be someone somewhere creating the Project 25 jamming kit
and it'll be something that you download from the Net," Blaze said. "We're
not there right now, but we're pretty close."
Project 25, sometimes abbreviated as P25, is the name of the wireless
standard used in the radios, which have been widely adopted across the
federal government and many state and local police agencies over the last
decade. The plan was to boost interoperability, so different agencies
would be able to talk to one another, while providing secure encrypted
communications.
The radios aren't cheap. A handheld Midland P25 Digital sells for $3,295,
and scanners are closer to $450.
But federal agents frequently don't turn encryption on, the researchers
found. (Their paper is titled "A Security Analysis of the APCO Project 25
Two-Way Radio System," and the other authors are Sandy Clark, Travis
Goodspeed, Perry Metzger, Zachary Wasserman, and Kevin Xu.)
follow the above link to see the whole article.
to read the paper itself, you can get the pdf from here: (for now)
http://repository.upenn.edu/cgi/viewcontent.cgi?article=1990&context=cis_reports&sei-redir=1#search=%22Security%20Analysis%20APCO%20Project%2025%20Two-Way%20Radio%20System%22
More information about the Noisebridge-discuss
mailing list