The funny thing about this is that my municipality just recently started encrypting their radios at all. And it was controversial! Residents liked being able to listen in to the scanners.
nonameiguess · 29m ago
I'll never forget 8 years ago someone managed to set off every tornado siren in Dallas for an entire Friday night, apparently because they're controlled by radio and the control signal was not encrypted, so the "hacker" just recorded it during a real alert and then played it back to attack the system.
ronsor · 1h ago
And now they're going to be unencrypted again, but not by choice!
tptacek · 41m ago
No, this story is about TETRA radios, which are used in Europe; I'm in Chicago, on Motorola's STARCOM (P25), which is ostensibly AES (it wouldn't be shocking to find vulnerabilities; in fact shocking not to, but it won't be as crazy as TETRA, which freelanced its entire encryption stack).
colmmacc · 35m ago
I listened to your great podcast and the remark along the lines of "unencrypted police comms let the robbers know when the police are getting close" made me wonder if anyone has built a simple signal intensity detector for the encrypted radios. You don't need to hear the contents to know that the radios are closing in on you. I can't imagine police forces practice RF silence like special forces do.
It really would be better to hide in the noise of 5G.
mystraline · 18m ago
I have a BT scanner app for my phone. "BLE Radar".
I have a detection on there for the MAC address "00:25:DF:*". That's the MAC OUI prefix for Taser International.
I keep it on while driving, because the badgecams and hardware in cop cars spurt this out regularly. So even unmarked cars show themselves.
buildbot · 21m ago
I’ve long wanted to do this with an SDR and maybe some simple ML, build a dataset by driving by cars/things with frequencies of interest.
Now I wonder if you can fingerprint antennas…
drewnick · 1h ago
Note this affects TETRA which is not used in North America. Most US systems use P25 which is not mentioned in the article.
kotaKat · 55m ago
Not like there’s not enough problems with P25… until the day they can deploy LLE (link-layer encryption) across all P25 systems, there will always be a way to gather some kind of intelligence about the system and its radio traffic.
(And the fact that it’s taking so long to implement link layer authorization, barely a scratch in the security dent…)
anfractuosity · 6m ago
Very interesting, curious how long it would take to brute force the 56 bit key, with something like a GPU/FPGA. It looks like hashcat supports DES, which is also 56 bit.
tonetegeatinst · 11m ago
I believe TETRA was already vulnerable to being broken based off some research that a group did into the protocol. They showed a proof video but didn't release any technical info or PoC due to security fear.
theturtle · 8m ago
Cool! Maybe all the apps and sites intended to let you keep track of what your local kopz are doing will work again!
drumhead · 20m ago
I mean, in this day and age is it such a bad thing that police and military radio is crackable?
dist-epoch · 1h ago
Is it still illegal in Europe to buy radios with 128 bit encryption?
cluckindan · 1h ago
As in TETRA? Probably not, as SDRs are widely available anyway, as are scanners capable of decrypting TETRA traffic.
You do need authorization to buy a transmitter though, at least where I live.
dist-epoch · 57m ago
I meant like hand-held walkie talkies. But with 128 bit encryption.
Weird it's regulated, given you can use mobile phones like that (sure, you need coverage).
GauntletWizard · 1h ago
It's still illegal to point out that the emperor has no clothes
mystraline · 11m ago
It's also illegal to report hospitals that post PHI (protected health information) over POCSAG or FLEX - pager networks. Of course, there's no encryption or anything. The encoding is plain text.
Yes, it is also illegal to post PHI over pagers, due to a HIPAA addendum in 2016.
But the 1986 ECPA law forbids decoding pager messages unless they were intended for you.
eitland · 38m ago
> You’ve read your last free article.
Haven't read a Wired article in months :-|
And thanks to poster for adding archive link.
robterrell · 33m ago
Wired is killing it with great reporting this year. Worth subscribing and supporting.
https://www.youtube.com/watch?v=iGINoIYQwak