A two-year study at the University of Pennsylvania showed the way federal law enforcement agencies communicate is decidedly not secure. The researchers were able to use hobbyist-grade radio receivers to listen in on conversations about undercover agents, informants, and ongoing and future operations. It’s like The Wire, only the exact opposite.
The group was able to spy on “every Federal law enforcement agency in the Department of Justice and the Department of Homeland Security”. The main problem with the radio in question — the P25 digital two-way radio system — seems to be that the setting to turn encryption on is confusing as hell. This led to a lot of unencrypted messages and more than a few overheard conversations attempting to instruct users how to turn encryption on, but really having them turn it off.
Most embarrassing, though, is that the radios themselves are susceptible to jamming. An attacker can target only a single uplink channel and deny the entire network. That low of a threshold allowed researchers to effectively jam the P25’s signals with a $US30 preteen pager. A pager, people. And because the hardware necessary to cripple whole networks on the radio is so cheap, the researchers warned of an Ocean’s Eleven-esque scenario where thousands of the devices are placed in locations around a city, attached to taxis or in public places. Which would be chaos. [WSJ]