recommended reading

Encrypted Federal Radios Can Be as Revealing as Police Scanners

Ric Francis/AP file photo

Federal radios with encryption can be nearly as insecure as the Boston Police scanners that allowed the public to tune in to the hunt for a suspected bomber, research shows. The Homeland Security Department and other agencies are buying more mobile devices that use P25, a set of wireless voice communications protocols that offers encoding. But it works only if they turn it on. 

"We've collected several years’ worth of unintentionally clear federal radio traffic. Only one agency has crypto working reliably," University of Pennsylvania computer science professor Matt Blaze tweeted on Saturday, while commenting on the inadvertent transparency of the police chase. "The one fed [law enforcement] agency whose radio traffic is almost never in the clear is the Postal [Inspection Service]. Don't mess with them," he said.

Many Internet users on Friday were glued to various live streams of police transmissions broadcasting the pursuit of Boston Marathon bombing suspect Dzhokhar Tsarnaev.  Had he also been listening to the chatter, Tsarnaev possibly could have escaped. It is unclear what security configurations authorities in Boston were using. But even federal P25 communications have gaping holes, Blaze discovered during a two-year experiment. 

A significant portion of the traffic "is sent in the clear, despite the users' apparent belief that it is encrypted. We captured an average of 20 to 30 minutes per day per city of highly sensitive 'unintended' clear text," he wrote on his blog in 2011. "The clear text included all manner of highly sensitive operational details, such as identifying features of undercover operatives and informants, identities and locations of surveillance targets, plans and locations for forthcoming takedowns, and details of executive protection operations."

The 2011 findings were based on leakage from P25 systems in several metropolitan areas using frequencies assigned to federal officials. "We collected data specifically on systems carrying a high volume of sensitive traffic from trained and motivated users: the encrypted tactical two-way radio networks used by federal agencies conducting criminal and national security investigations," Blaze wrote. 

He said one problem is that the technology does not clearly notify users whether the encryption feature is on or off, "and radios set to clear mode will happily interoperate with radios set to encrypted mode."

Blaze does not blame the security weaknesses on user error. "The problem of unintended sensitive clear text rests squarely with the radios, not their users, and it is important to fix the problem rather than blame the victim," he wrote. Blaze added he is working with federal personnel to change the default features on handsets so encryption status is more visible.

The endeavor, as of Monday, had tightened controls “only to a very limited extent,” he told Nextgov in an email. “The fundamental problems are still there.”

Threatwatch Alert

Spear-phishing / Stolen credentials / User accounts compromised

Gmail Scam Tricks Users With Convincing Login Page

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.