Security Researchers Crack APCO P25 Encryption 37
An anonymous reader writes "Two Australian security researchers, Stephen Glass and Matt Robert, have published a paper that details flaws in the encryption implementation (PDF) in the APCO Project 25 digital radio standard, used by emergency services and police departments world-wide. The paper details flaws in the DES-OFB and ADP encryption that enable the encryption key to be recovered by traditional brute force key searching. Also detailed is a DoS attack that makes use of unauthenticated radio inhibit mechanism. The research is part of the OP25 project, which uses GNUradio to implement a P25 stack using software defined radio. With this solution in place, the researchers were able to do detailed analysis of the traffic coming from various radio systems and to transmit and receive to P25 radios in their lab."
Re:I'd buy a USRP2 receiver (Score:3, Insightful)
Catastrophic incompetence (Score:5, Insightful)
> Once a radio has been stunned by the receipt of an inhibit command the standard requires that it remains in-operational and unresponsive to the operator console or device programming interface until it receives an “uninhibit” XFC on the frequency it received the inhibit. The attack exploits the lack of any guarantee of authenticity for the frame Inhibit/Uninhibit types. [...] Note that the XFC message payload may be sent either encrypted (P=1) or un-encrypted (P=0).
Not a desirable property in a supposedly secure crypto system!
Re:Link to previous story (Score:3, Insightful)
P25 wasn't originally designed with security in mind. It was designed as a standardized digital replacement for the mess of incompatible digital and analog trunking systems that had grown up in the 80s and 90s. In its basic, as-designed, unencrypted mode, it works well. It's only when local PDs and FDs decide to try and lock out scanner users (nominally to keep criminals from listening, but more often to keep away TV news crews) by means of ill-conceived encryption addons that things fall apart.