August 12, 2011, 1:34 PM —
A research paper by five authors at the University of Pennsylvania titled "Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System" looks like pretty dull reading, doesn't it? But when a 16-page scholarly paper includes photos of a $30 toy, in this case Mattel's GirlTech IMME (or IM-me) dedicated texting device, you have to wonder what's up.
According to the story at CNET, what's up is how easily the $30 toy can wreak havoc on a multibillion-dollar government encrypted radio protocol. Used heavily by the FBI, Secret Service, and other Homeland Security folks, Project 25 is being pushed to state and local law enforcement to enable two-way encrypted transmissions, and to interoperate with the feds. Yet add a $30 toy and a few Radio Shack parts, and all that Project 25 technology could fall apart when Jessica texts Taylor that Michael in math likes her. Or, since it's Mattel, maybe it's Bridget texting Barbie that she and Ken are running off to Miami.
What fun! Aren't you glad our government spooks are protected by the best encryption technology?
Our tax dollars at work
How is it possible that a radio that's standard across agencies (thus must have sold 100,000 or more units) costs $3,000? I can buy a nice, rugged business class radio (that supposedly meets various MIL-SPEC ratings for water, dust, vibration) for around $500. What makes this radio cost more than 5 times more?
sfbiker on news.cnet.com
This is kind of stupid. You can jam P25 with any radio: just key up on the frequency and the heterodyning of the two signals will make the data unrecoverable, jamming communications...
FLECOM on hardforum.com
First: I lead the design team on one of the top P25 testers on the market, so I know a bit about APCO-25. The paper omitted a few very important details about their jammer:
David D. Hagood on theregister.com
They work so poorly that just very short, sporadic bursts of RF energy can completely disrupt the communications, rendering the network useless. During a coordinated law enforcement action, the criminals could easily block all secure communications, using a jamming technique that is difficult to detect and difficult to locate.
zyxxy on news.cnet.com
Steve, P25 was more of a "design by committee" than a specific company. NTIA, NIST, etc. were involved. The committee aspect probably accounts for a lot of the kludges these folks identified in their earlier paper.
inflatableshark on news.cnet.com
So why is another grand government project now full of holes: government incompetence, or clever hackers?