Encrypted Federal Radios Can Be as Revealing as Police Scanners

Federal radios with encryption can be nearly as insecure as the Boston Police scanners that allowed the public to tune in to the hunt for a suspected bomber, research shows. The Homeland Security Department and other agencies are buying more mobile devices that use P25, a set of wireless voice communications protocols that offers encryption. But the encryption works only if users turn it on.

"We've collected several years’ worth of unintentionally clear federal radio traffic. Only one agency has crypto working reliably," University of Pennsylvania computer science professor Matt Blaze tweeted on Saturday, while commenting on the inadvertent transparency of the police chase. "The one fed [law enforcement] agency whose radio traffic is almost never in the clear is the Postal [Inspection Service]. Don't mess with them," he said.

Many Internet users on Friday were glued to various live streams of police transmissions broadcasting the pursuit of Boston Marathon bombing suspect Dzhokhar Tsarnaev. Had he also been listening to the chatter, Tsarnaev possibly could have escaped. It is unclear what security configurations authorities in Boston were using. But even federal P25 communications have gaping holes, Blaze discovered during a two-year experiment.

A significant portion of the traffic "is sent in the clear, despite the users' apparent belief that it is encrypted. We captured an average of 20 to 30 minutes per day per city of highly sensitive 'unintended' clear text," he wrote on his blog in 2011. "The clear text included all manner of highly sensitive operational details, such as identifying features of undercover operatives and informants, identities and locations of surveillance targets, plans and locations for forthcoming takedowns, and details of executive protection operations."

The 2011 findings were based on leakage from P25 systems in several metropolitan areas using frequencies assigned to federal officials. "We collected data specifically on systems carrying a high volume of sensitive traffic from trained and motivated users: the encrypted tactical two-way radio networks used by federal agencies conducting criminal and national security investigations," Blaze wrote. 

He said one problem is that the technology does not clearly notify users whether the encryption feature is on or off, "and radios set to clear mode will happily interoperate with radios set to encrypted mode."

Blaze does not blame the security weaknesses on user error. "The problem of unintended sensitive clear text rests squarely with the radios, not their users, and it is important to fix the problem rather than blame the victim," he wrote. Blaze added he is working with federal personnel to change the default features on handsets so encryption status is more visible.

The endeavor, as of Monday, had tightened controls “only to a very limited extent,” he told Nextgov in an email. “The fundamental problems are still there.”
