A Security Analysis of the APCO Project 25 Two-Way Radio System

Started by wacapgh, August 11, 2011, 05:47:43 PM


wacapgh

http://online.wsj.com/public/resources/documents/p25sec08102011.pdf

Interesting read.

The links from all over the net are really misleading "$30 toy jams secret radios" hype.

Yeah, if you connect it to a $1000 Icom PCR2500 and write custom software to control the RF chip and microprocessor in the toy.

As always, be careful what you say over any radio. Someone, somewhere, is probably listening at the most embarrassing moment possible  ;D


Major Lord

Very amusing. Of course, I could also build a dirty bomb from the radioactive elements in smoke detectors, or build a jammer that would wipe out 90% of all FM communications in a small city with a car ignition coil and a few select parts. To call this a threat is a tremendous overreach. Can you jam or intercept APCO radios? Sure, but anyone who would know how would not start with Barbie's pager; they would start with an APCO radio and a PC.

Major Lord
"The path of the righteous man is beset on all sides by the iniquities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee."

Buzz

Actually, the special equipment is only needed to read the packets. Jamming is far easier, according to the full article.

Atmospheric and incidental spurs can shut down P25 or most other digital modes, while "archaic, obsolete" analog signals will just sound ratty but still get through -- and that same analog equipment can jam digital very effectively.

Fortunately, most of the security issues can be solved through programming. The next generation of P25 firmware will undoubtedly have toggles to lock out or warn of nonsecure transmissions.

There is also sufficient computing power in most current P25 equipment to multilayer security, such as inverting packets, "add-to-key," etc.

wacapgh

I guess they were being really clever - transmitting just enough to block a few packets here and there, and only on specific trunk/key groups.

Would be a real bear to DF with a short duty cycle like that.

Cowthief

Hello.

First off, there was no mention of actual encryption.
If a P-25 signal is indeed encrypted, then this is a non-issue.
And, P-25 does not specify how it is to be encrypted, there are well over a dozen protocols at this time.
But in P-25 there is also a "secure" mode; this is NOT encrypted, it simply marks the transmission as restricted without any real security.
Encrypted means a "key", a secret series of numbers is entered into the radios in question with a device known as a key loader.
Without all of the elements being exact there is no reasonable way to decode the transmissions.