
Security Researchers Crack APCO P25 Encryption

An anonymous reader writes "Two Australian security researchers, Stephen Glass and Matt Robert, have published a paper that details flaws in the encryption implementation (PDF) in the APCO Project 25 digital radio standard, used by emergency services and police departments world-wide. The paper details flaws in the DES-OFB and ADP encryption that enable the encryption key to be recovered by traditional brute force key searching. Also detailed is a DoS attack that makes use of an unauthenticated radio inhibit mechanism. The research is part of the OP25 project, which uses GNUradio to implement a P25 stack using software defined radio. With this solution in place, the researchers were able to do detailed analysis of the traffic coming from various radio systems and to transmit and receive to P25 radios in their lab."

  • by b5bartender ( 2175066 ) on Saturday September 10, 2011 @12:08PM (#37362652)
    ...because anyone that wants to be able to monitor their public servants is obviously a hardened criminal.
  • by thue ( 121682 ) on Saturday September 10, 2011 @12:48PM (#37362858) Homepage

    > Once a radio has been stunned by the receipt of an inhibit command the standard requires that it remains in-operational and unresponsive to the operator console or device programming interface until it receives an “uninhibit” XFC on the frequency it received the inhibit. The attack exploits the lack of any guarantee of authenticity for the frame Inhibit/Uninhibit types. [...] Note that the XFC message payload may be sent either encrypted (P=1) or un-encrypted (P=0).

    Not a desirable property in a supposedly secure crypto system!
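
The missing authenticity guarantee described in the quoted passage, seen from the receiver's side in an added example that is not part of the thread or the paper: a radio that changes state on inhibit/uninhibit commands only when they carry a valid keyed MAC and a fresh counter. The frame layout, key and all names are hypothetical and are not the P25 XFC format.

```python
import hashlib
import hmac
import struct

# Hypothetical control frame, NOT the P25 XFC layout:
#   opcode (1) | radio id (3) | counter (4) | truncated HMAC-SHA256 tag (8)
INHIBIT, UNINHIBIT = 0x01, 0x02
BODY_LEN, TAG_LEN = 8, 8

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def build_frame(key, opcode, radio_id, counter):
    body = struct.pack(">B3sI", opcode, radio_id.to_bytes(3, "big"), counter)
    return body + _tag(key, body)

class Radio:
    def __init__(self, key, radio_id):
        self.key, self.radio_id = key, radio_id
        self.last_counter = 0      # highest counter accepted so far
        self.inhibited = False

    def receive(self, frame):
        """Return a verdict; state changes only for authentic, fresh frames."""
        if len(frame) != BODY_LEN + TAG_LEN:
            return "rejected: malformed"
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        # Verify the tag (constant-time compare) before trusting any field.
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return "rejected: bad tag"
        opcode, rid, counter = struct.unpack(">B3sI", body)
        if int.from_bytes(rid, "big") != self.radio_id:
            return "ignored: other radio"
        if counter <= self.last_counter:
            return "rejected: replay"
        if opcode not in (INHIBIT, UNINHIBIT):
            return "rejected: unknown opcode"
        self.last_counter = counter
        self.inhibited = opcode == INHIBIT
        return "accepted"

def demo():
    key = b"constructed-demo-key"   # constructed sample key
    radio = Radio(key, 0x00ABCD)
    forged = build_frame(b"not-the-real-key", INHIBIT, 0x00ABCD, 1)
    genuine = build_frame(key, INHIBIT, 0x00ABCD, 1)
    return [radio.receive(f) for f in (forged, genuine, genuine)], radio.inhibited
```

Encrypting the command payload would not replace the tag check, since confidentiality and authenticity are separate properties.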

  • by Lord Crowface ( 1315695 ) on Saturday September 10, 2011 @05:53PM (#37364402)

    P25 wasn't originally designed with security in mind. It was designed as a standardized digital replacement for the mess of incompatible digital and analog trunking systems that had grown up in the 80s and 90s. In its basic, as-designed, unencrypted mode, it works well. It's only when local PDs and FDs decide to try and lock out scanner users (nominally to keep criminals from listening, but more often to keep away TV news crews) by means of ill-conceived encryption addons that things fall apart.
