_______               __                   _______
       |   |   |.---.-..----.|  |--..-----..----. |    |  |.-----..--.--.--..-----.
       |       ||  _  ||  __||    < |  -__||   _| |       ||  -__||  |  |  ||__ --|
       |___|___||___._||____||__|__||_____||__|   |__|____||_____||________||_____|
                                                             on Gopher (inofficial)
   URI Visit Hacker News on the Web
       
       
       COMMENT PAGE FOR:
   URI   Encryption made for police and military radios may be easily cracked
       
       
        gonzo41 wrote 7 min ago:
         So what's really important with military radios is the concept of
         tactically perishable information. If I give battle directions during a
         fight, that information only needs to be secure for a few days; after
         that, I'm somewhere else.
       
        jedisct1 wrote 1 hour 9 min ago:
        "military grade" encryption.
       
        LeGrosDadai wrote 2 hours 17 min ago:
         Related: [1] and [2]. Why the EU saw fit to buy very expensive
         proprietary software encryption, when there are open source standards,
         some of them designed in the EU itself, is beyond me. Of course, you
         still need someone to build the hardware and so on.
        
   URI  [1]: https://www.usenix.org/conference/usenixsecurity23/presentatio...
   URI  [2]: https://tosc.iacr.org/index.php/ToSC/article/view/12077
       
        HexPhantom wrote 4 hours 16 min ago:
        This is what happens when security is treated like a checklist item
        instead of a core requirement
       
        fortran77 wrote 7 hours 45 min ago:
         Good. I used to listen to police calls in the US. I don’t like the
         fact that my police is now the “secret police” with encrypted
         digital radios.
       
        gloyoyo wrote 11 hours 34 min ago:
         The local PD in my area has/had the laptops in their vehicles set to
         ad-hoc mode, and each broadcast static MAC addresses in the open, and
         could simply be looked up on the Wigle database. At about 100 yards,
         you could pick up the broadcast on any phone, and it would be trivial
         for someone to deduce that you could set up an active monitor w/ alerts
         for when these specific MAC addresses were present in a designated
         area, let alone what a distributed monitoring/alert effort would be
         capable of...
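
The passive sweep gloyoyo describes is, from the fleet owner's side, an audit question: which of our devices beacon a fixed, globally unique MAC that anyone in range can log and match against a list? The following is an added example, not code from this thread or from any vendor. The capture lines are constructed to approximate what `tcpdump -e` prints for 802.11 beacon frames on a monitor-mode interface, and the watchlist of MAC addresses and asset labels is hypothetical. It lists every ad-hoc (IBSS) beaconer that uses a non-randomized address, and raises a rate-limited alert when a watchlisted MAC is seen above a signal threshold.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines approximating `tcpdump -e` output for beacon
# frames. Not a real capture; MACs, SSIDs and signal levels are made up.
SAMPLE_LINES = [
    "09:15:01.120334 1.0 Mb/s 2412 MHz 11b -62dBm signal antenna 0 "
    "BSSID:00:1e:8c:12:34:56 DA:ff:ff:ff:ff:ff:ff SA:00:1e:8c:12:34:56 "
    "Beacon (MDT-Unit12) [1.0* 2.0* 5.5* 11.0* Mbit] IBSS CH: 1",
    "09:15:01.400210 6.0 Mb/s 2437 MHz 11g -48dBm signal antenna 0 "
    "BSSID:3a:77:01:aa:bb:cc DA:ff:ff:ff:ff:ff:ff SA:3a:77:01:aa:bb:cc "
    "Beacon (Coffee-Guest) [6.0 9.0 12.0 Mbit] ESS CH: 6",
    "09:15:02.001000 1.0 Mb/s 2412 MHz 11b -81dBm signal antenna 0 "
    "BSSID:00:1e:8c:12:34:57 DA:ff:ff:ff:ff:ff:ff SA:00:1e:8c:12:34:57 "
    "Beacon (MDT-Unit07) [1.0* 2.0* 5.5* 11.0* Mbit] IBSS CH: 1",
    "09:15:02.500000 1.0 Mb/s 2412 MHz 11b -70dBm signal antenna 0 "
    "BSSID:ff:ff:ff:ff:ff:ff DA:ff:ff:ff:ff:ff:ff SA:d4:6a:6a:10:20:30 "
    "Probe Request (MDT-Unit12) [1.0 2.0 Mbit]",
    "09:15:03.200000 1.0 Mb/s 2412 MHz 11b -55dBm signal antenna 0 "
    "BSSID:00:1e:8c:12:34:56 DA:ff:ff:ff:ff:ff:ff SA:00:1e:8c:12:34:56 "
    "Beacon (MDT-Unit12) [1.0* 2.0* 5.5* 11.0* Mbit] IBSS CH: 1",
]

# Hypothetical fleet inventory: static MAC -> asset label. In a real audit
# this comes from the asset database, not from a capture.
WATCHLIST = {
    "00:1e:8c:12:34:56": "MDT unit 12",
    "00:1e:8c:12:34:57": "MDT unit 07",
}

BEACON_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) .*?"
    r"(?P<rssi>-\d+)dBm signal .*?"
    r"BSSID:(?P<bssid>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) .*?"
    r"Beacon \((?P<ssid>[^)]*)\) .*?"
    r"\b(?P<mode>IBSS|ESS)\b"
)


@dataclass
class Alert:
    ts: datetime
    bssid: str
    label: str
    ssid: str
    rssi: int


def parse_beacon(line):
    """Return the fields of one beacon line, or None for anything else."""
    m = BEACON_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%H:%M:%S.%f"),
        "rssi": int(m["rssi"]),
        "bssid": m["bssid"].lower(),
        "ssid": m["ssid"],
        "mode": m["mode"],
    }


def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a locally administered address,
    which is what MAC randomization produces; such addresses are not a
    stable handle for tracking."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def monitor(lines, watchlist, rssi_threshold=-75, cooldown=timedelta(seconds=60)):
    """Walk capture lines; return (alerts for watchlisted MACs, exposed beaconers).

    exposed maps every globally unique MAC seen beaconing in ad-hoc (IBSS)
    mode to its SSID: those are the devices anyone in range can fingerprint.
    Alerts are rate-limited per MAC so a parked unit does not flood the log.
    """
    alerts, exposed, last_alert = [], {}, {}
    for line in lines:
        b = parse_beacon(line)
        if b is None:
            continue
        if b["mode"] == "IBSS" and not is_locally_administered(b["bssid"]):
            exposed[b["bssid"]] = b["ssid"]
        label = watchlist.get(b["bssid"])
        if label is None or b["rssi"] < rssi_threshold:
            continue  # not ours, or too weak to be "nearby"
        prev = last_alert.get(b["bssid"])
        if prev is not None and b["ts"] - prev < cooldown:
            continue  # already alerted within the cooldown window
        last_alert[b["bssid"]] = b["ts"]
        alerts.append(Alert(b["ts"], b["bssid"], label, b["ssid"], b["rssi"]))
    return alerts, exposed


if __name__ == "__main__":
    found, static_adhoc = monitor(SAMPLE_LINES, WATCHLIST)
    for a in found:
        print(f"{a.ts:%H:%M:%S} {a.label} ({a.bssid}) at {a.rssi} dBm")
    print("static ad-hoc beaconers:", static_adhoc)
```

On a real survey you would feed it the output of `tcpdump -e -i wlan0mon type mgt subtype beacon` (monitor mode and local law permitting). The `exposed` map is the finding that matters to the fleet owner: the remediation is to stop beaconing in ad-hoc mode on the vehicle laptops or to enable MAC randomization, not to obscure the OUI, since a fixed address is the tracking handle regardless of vendor.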
       
          thenthenthen wrote 1 hour 49 min ago:
           There is this Target Blue device that works in a similar way but
           based, I think, on detection of P2000 encrypted signals. Basically an
           SDR. Anyway, I also believe it is highly illegal to use. Link:
          
   URI    [1]: https://blu-eye.eu/
       
          ian_d wrote 2 hours 23 min ago:
           There was actually a good DC31 talk called "Snoop On To Them, As They
           Snoop On To Us" kinda in this vein, but with Bluetooth devices that
           are part of a lot of cops' gear.
          
   URI    [1]: https://www.youtube.com/watch?v=cO1JSzAdPM8
       
            xav0989 wrote 2 hours 5 min ago:
            Some people I know are building a similar system, watching for the
            printers that parking attendants carry to issue tickets. When they
            see one of those nearby, it starts the clock so that they move
            their car before the time expires.
       
          HexPhantom wrote 4 hours 1 min ago:
          What's wild is how often agencies spend millions on comms gear and
          security tools, but overlook basics like this
       
          mindcrime wrote 10 hours 57 min ago:
          a distributed monitoring/alert effort would be capable of...
          
          Thinking out loud... an RTL-SDR dongle costs like $35.00 or so (well
          maybe more now due to tariffs, I haven't bought one in a while),
          plenty of relevant software is open source (GNURadio etc.), drones
          are cheap, small solar panels are fairly inexpensive.  Hmm...  I
          almost think a motivated individual (or small group of individuals)
          could piece together a rather capable "distributed monitoring/alert"
          system.
          
          Not that I'm encouraging anyone to do such a thing, of course.
       
            NitpickLawyer wrote 6 hours 5 min ago:
            > an RTL-SDR dongle costs like $35.00 or so
            
            FuzzyDunlop has graduated to HissyMarconi in The Wire season 12 :)
       
            BobaFloutist wrote 10 hours 41 min ago:
            I don't even know that it's explicitly illegal. Google maps is
            allowed to warn you about speed traps.
       
              mindcrime wrote 10 hours 30 min ago:
              I agree, it probably isn't really explicitly illegal. But if one
              put together such a thing, depending on how they decided to use
              it, I have a hunch that the State would find something to charge
              them with. I'll resist the temptation to say more, to avoid going
              too overtly political here.
       
                gloyoyo wrote 10 hours 26 min ago:
                I'm pretty sure it's not outside of the range of ANYONE to whip
                up in a fortnight, and have distributed near instantaneously.
                
                If anything, it's the most basic of "wireless site survey"
                applications.
       
        WrongOnInternet wrote 13 hours 1 min ago:
        Kevin Mitnick figured out how to get around police radio encryption in
        the 90's. From 'Ghost in the Wires':
         "Whenever I heard any hiss of communication, I’d hold down my
         Transmit button. That would send out a radio signal on the same exact
         frequency, which would jam the signal. Then the second agent
         wouldn’t be able to hear the first agent’s transmission. After two
         or three tries back and forth, the agents would get frustrated with
         the radio. I could imagine one of them saying something like,
         “Something’s wrong with the radio. Let’s go in the clear.”
         They’d throw a switch on their radios to take them out of encryption
         mode, and I’d be able to hear both sides of the conversation! Even
         today I’m amused to remember how easy it was to work around that
         encryption without even cracking the code."
       
          HexPhantom wrote 4 hours 3 min ago:
          It's a perfect example of why security is never just about the
          algorithm
       
          jvanderbot wrote 11 hours 30 min ago:
          That is the most 90s story I've heard. Nowadays you'd be shot.
       
          tptacek wrote 12 hours 7 min ago:
          It's an odd story, since until pretty recently most North American
          police radio was plaintext to begin with.
       
            Sanzig wrote 9 hours 39 min ago:
            The first P25 standards came out in 1989, so encrypted police
            radios were certainly starting to be deployed in the early 90s.
            Obviously, adoption rate depended on the department budget, with
            many rural departments taking until the 2010s to finally switch.
       
            daveevad wrote 10 hours 3 min ago:
            > hiss of communication
            
            Allow me to speculate massively.  Hiss sounds more like weak signal
            acquisition.  Perhaps in this case, Mitnick was interfering but not
            defeating encryption.
       
              WrongOnInternet wrote 8 hours 56 min ago:
               A bit more from the book (which is a great read, and available in
               its entirety on archive.org):
               "To enable its agents to communicate over greater distances, the
               government had installed “repeaters” at high elevations to
               relay the signals. The agents’ radios transmitted on one
               frequency and received on another; the repeaters had an input
               frequency to receive the agents’ transmissions, and an output
               frequency that the agents listened on. When I wanted to know if
               an agent was nearby, I simply monitored the signal strength on
               the repeater’s input frequency. That setup enabled me to play a
               little game. Whenever I heard any hiss of communication..."
       
            WrongOnInternet wrote 11 hours 57 min ago:
            I should have said FBI radio encryption. I wonder if the technique
            would still work today...
       
              extraduder_ire wrote 7 hours 38 min ago:
              If the user can fallback to not using encryption and that solves
              a problem they think they have, enough annoyance will make them
              do so. It's the entire reason HSTS exists.
       
                BrandoElFollito wrote 2 hours 12 min ago:
                HSTS is not practical and marginally useful.
                
                 First you need to make darn triple check extra sure that when
                 you deploy it, you won't change it. It is a one-shot switch and
                 whoever gets to your site is stuck with the configuration for
                 days, weeks, months. And you cannot tell them "my bad, try
                 again".
                
                Then if you have a sensible setup, you would redirect
                immediately to HTTPS anyway.
                
                Sure, it protects you from some marginal risks (such as you not
                setting your cookies to secure mode) but then you have other
                problems and HSTS will bite you when you prod the security
                settings without a good plan.
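
What BrandoElFollito describes follows from where the policy lives: the browser caches it per host for max-age seconds, and the server has no way to reach into that cache. The following added example (not from this thread; no real site is assumed, `example.com` is a placeholder) models that cache with the main rules of RFC 6797: the header only counts on an HTTPS response, `includeSubDomains` pins every subdomain including ones that never had TLS, the entry silently expires after max-age, and `max-age=0` on a later HTTPS response is the only retraction, and only for visitors who actually fetch it.

```python
from datetime import datetime, timedelta


def parse_hsts(header):
    """Parse a Strict-Transport-Security value.

    Returns (max_age, include_subdomains, preload), or None when the header
    is malformed (RFC 6797 tells browsers to ignore a header with a missing,
    non-numeric or duplicated max-age). Unknown directives are ignored.
    """
    max_age, include, preload = None, False, False
    for directive in header.split(";"):
        d = directive.strip()
        if not d:
            continue
        name, _, value = d.partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age":
            if max_age is not None or not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return max_age, include, preload


class HstsStore:
    """Minimal model of one visitor's browser-side HSTS cache."""

    def __init__(self):
        self.entries = {}  # host -> (expiry datetime, include_subdomains)

    def observe(self, host, scheme, header, now):
        """Process an STS header seen on a response from `host`."""
        if scheme != "https":
            return  # headers on plain-HTTP responses are ignored
        parsed = parse_hsts(header)
        if parsed is None:
            return
        max_age, include, _preload = parsed
        if max_age == 0:
            self.entries.pop(host, None)  # the only way a site retracts policy
        else:
            self.entries[host] = (now + timedelta(seconds=max_age), include)

    def must_upgrade(self, host, now):
        """Would this browser refuse to load http://host/ right now?"""
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include = entry
            if now >= expiry:
                continue  # expired entries no longer apply
            if i == 0 or include:  # exact host, or a parent with includeSubDomains
                return True
        return False


def walkthrough():
    """One visitor's view of a site that ships a one-year policy with
    includeSubDomains and later tries to take it back."""
    t0, store, out = datetime(2025, 1, 1), HstsStore(), {}
    policy = "max-age=31536000; includeSubDomains"
    store.observe("example.com", "http", policy, t0)
    out["ignored_over_http"] = not store.must_upgrade("example.com", t0)
    store.observe("example.com", "https", policy, t0)
    out["pinned_30_days_later"] = store.must_upgrade("example.com", t0 + timedelta(days=30))
    # A legacy subdomain with no TLS is now unreachable for this visitor.
    out["plain_http_subdomain_pinned"] = store.must_upgrade("legacy.example.com", t0)
    out["other_domain_unaffected"] = not store.must_upgrade("example.org", t0)
    out["expired_after_max_age"] = not store.must_upgrade("example.com", t0 + timedelta(days=366))
    # Retraction works only if this visitor fetches an HTTPS response carrying it.
    store.observe("example.com", "https", "max-age=0", t0 + timedelta(days=1))
    out["retracted_by_max_age_zero"] = not store.must_upgrade("example.com", t0 + timedelta(days=2))
    return out


if __name__ == "__main__":
    for check, ok in walkthrough().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The staging this implies for a deployment: start with a max-age of minutes, confirm every hostname under the domain answers on HTTPS before adding `includeSubDomains`, and only then raise max-age to the year-plus value that preload lists require, since a visitor who has cached a long policy cannot be reached to undo it except over HTTPS.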
       
            user3939382 wrote 12 hours 1 min ago:
            Not IA
       
              eru wrote 11 hours 57 min ago:
              What's IA?
       
                WrongOnInternet wrote 9 hours 2 min ago:
                Intelligence Agencies
       
                loeg wrote 10 hours 31 min ago:
                Internal Affairs? But I'm not sure why that's relevant to
                encryption or Mitnick.
       
                  user3939382 wrote 7 hours 33 min ago:
                  I have heard of them having stricter radio protocols which
                  strikes me as sensible
       
        tamimio wrote 14 hours 18 min ago:
        
        
   URI  [1]: http://archive.today/5GMa5
       
        mindcrime wrote 14 hours 46 min ago:
         For anyone who's curious, the closest equivalent in the US is P25[1] or
         "Project 25". And if you're wondering, yes, P25 systems have been known
         to have their own share of vulnerabilities of various sorts. My
         favorite one[2] is the one that lets an attacker force a P25 radio to
         broadcast tokens "on demand", allowing you to (theoretically, with the
         right receiving setup and software) track the location of P25 radios
         more or less in real time.
        
        And on a related note, for anyone who is interested in listening in on
        any local P25 transmissions, you can do so in a fairly inexpensive
        manner, using an RTL-SDR dongle and the Open Source op25[3] software
        package. No listening to encrypted traffic, but IME, many (maybe most)
        public safety agencies keep most of their traffic in the clear. More so
        for fire/ems traffic. Law enforcement is more likely to be encrypted,
        but even then, I find that many jurisdictions only encrypt a small
        number of channels, like maybe a dedicated vice/narc squad channel,
        SWAT team channel, etc. General LE dispatch and tac channels are still
        in the clear in many areas.
        
        
   URI  [1]: https://en.wikipedia.org/wiki/Project_25
   URI  [2]: https://www.reddit.com/r/tacticalgear/comments/1f4d5dr/psa_p25...
   URI  [3]: https://github.com/boatbod/op25
       
          theoreticalmal wrote 12 hours 54 min ago:
          I wonder if it would be illegal to employ this method. Tracking law
          enforcement isn’t explicitly illegal, right?
       
            mindcrime wrote 12 hours 25 min ago:
            It's an active attack (requires you to transmit traffic to trick
            the radio into sending the response beacons) so at the very least
            you'd almost certainly be in violation of some FCC regs. So the
            charge might not be "tracking law enforcement" but rather would be
            "illegally transmitting on a public safety frequency without a
            license" or something along those lines. And if somebody got caught
            doing this, I'm reasonably sure they'd find a way to pile on a few
            more charges as well.
            
            And note that since it is an active attack that requires the
            attacker to transmit, it opens up the possibility of the attacker
            giving up their own location in turn.
            
            My take is that it's fun to think about, but largely lacking in
            real world applicability in most situations.
       
            privatelypublic wrote 12 hours 28 min ago:
            Transmitting on spectrum you don't have a license for- especially
            when the government WILL cast it as "interfering with emergency
            services" or just Big-T- very much is.
       
              eru wrote 11 hours 56 min ago:
              What's 'Big-T'?
       
                mindcrime wrote 11 hours 39 min ago:
                Terrorism
       
                  privatelypublic wrote 10 hours 22 min ago:
                  Yup. And I'll note phrasing it the way I did is openly
                  derisive of its overuse by law enforcement.
       
                    sam1r wrote 5 hours 59 min ago:
                    That’s quite the private phrase to be presenting
                    publicly.
       
        dokyun wrote 15 hours 1 min ago:
        > The flaws remained unknown publicly until their disclosure, because
        ETSI refused for decades to let anyone examine the proprietary
        algorithms.
        
        Got what they asked for.
       
        genocidicbunny wrote 16 hours 9 min ago:
        Huh, I was catching up on DEFCON videos recently, and just earlier this
        morning watched the talk about Tetra. How serendipitous.
        
   URI  [1]: https://www.youtube.com/watch?v=iGINoIYQwak
       
        anfractuosity wrote 16 hours 13 min ago:
        Very interesting, curious how long it would take to brute force the 56
        bit key, with something like a GPU/FPGA.  It looks like hashcat
        supports DES, which is also 56 bit.
       
          ethan_smith wrote 44 min ago:
          Modern GPU clusters can break 56-bit DES in under a day - AWS
          instances could do it for a few hundred dollars, making this
          vulnerability practically exploitable by motivated attackers with
          modest resources.
       
        theturtle wrote 16 hours 15 min ago:
        Cool! Maybe all the apps and sites intended to let you keep track of
        what your local kopz are doing will work again!
       
          HexPhantom wrote 3 hours 58 min ago:
          Right? All it took was some deeply flawed encryption and a couple
          researchers pulling the thread
       
        tonetegeatinst wrote 16 hours 18 min ago:
         I believe TETRA was already vulnerable to being broken based on some
         research that a group did into the protocol. They showed a proof video
         but didn't release any technical info or PoC due to security fears.
       
        drumhead wrote 16 hours 27 min ago:
        I mean, in this day and age is it such a bad thing that police and
        military radio is crackable?
       
        eitland wrote 16 hours 45 min ago:
        > You’ve read your last free article.
        
        Haven't read a Wired article in months :-|
        
        And thanks to poster for adding archive link.
       
          robterrell wrote 16 hours 40 min ago:
          Wired is killing it with great reporting this year. Worth subscribing
          and supporting.
       
            kstrauser wrote 16 hours 3 min ago:
            I've done that. It seemed like Wired got lost on the road for a
            while, but lately they're back with a vengeance, which I'm
            delighted to see (and to support).
       
        drewnick wrote 17 hours 7 min ago:
        Note this affects TETRA which is not used in North America.  Most US
        systems use P25 which is not mentioned in the article.
       
          LeoPanthera wrote 15 hours 2 min ago:
          Northern California services use P25 but with encryption turned off.
          They also have analogue repeaters. Presumably because that way they
          can still use old radios and don't have to worry about key rotation.
          
          The audio quality on the analogue signal is a lot better than the P25
          version, which is often harder to understand.
       
          kotaKat wrote 17 hours 2 min ago:
          Not like there’s not enough problems with P25… until the day they
          can deploy LLE (link-layer encryption) across all P25 systems, there
          will always be a way to gather some kind of intelligence about the
          system and its radio traffic.
          
          (And the fact that it’s taking so long to implement link layer
          authorization, barely a scratch in the security dent…)
       
        dist-epoch wrote 17 hours 13 min ago:
        Is it still illegal in Europe to buy radios with 128 bit encryption?
       
          extraduder_ire wrote 7 hours 19 min ago:
          I think on most public bands here, transmitting with encryption of
          any kind is banned regardless of the strength.
       
          sneak wrote 14 hours 43 min ago:
           I think what you may be thinking of is the export from the US of
           strong encryption products under ITAR. It was challenged by djb (of
           qmail/djbdns fame, among many other things) and the result was
           roughly that publishing software is protected expression like any
           other publishing (prior to that it was classified as munitions and
           required an export license).
          
   URI    [1]: https://en.wikipedia.org/wiki/Bernstein_v._United_States
       
          cluckindan wrote 17 hours 8 min ago:
          As in TETRA? Probably not, as SDRs are widely available anyway, as
          are scanners capable of decrypting TETRA traffic.
          
          You do need authorization to buy a transmitter though, at least where
          I live.
       
            dist-epoch wrote 17 hours 4 min ago:
            I meant like hand-held walkie talkies. But with 128 bit encryption.
            
            Weird it's regulated, given you can use mobile phones like that
            (sure, you need coverage).
       
              kevin_thibedeau wrote 13 hours 54 min ago:
              Mobile phones are backdoored and trackable by default.
       
          GauntletWizard wrote 17 hours 12 min ago:
          It's still illegal to point out that the emperor has no clothes
       
            mystraline wrote 16 hours 18 min ago:
             It's also illegal to report hospitals that post PHI (protected
             health information) over POCSAG or FLEX pager networks. Of
             course, there's no encryption or anything. The encoding is plain
             text.
            
            Yes, it is also illegal to post PHI over pagers, due to HIPAA
            addendum in 2016.
            
            But 1986 ECPA law forbids decoding pager messages unless they were
            intended for you.
       
        tptacek wrote 17 hours 20 min ago:
        The funny thing about this is that my municipality just recently
        started encrypting their radios at all. And it was controversial!
        Residents liked being able to listen in to the scanners.
       
          HexPhantom wrote 3 hours 59 min ago:
          And yeah, the scanner culture thing is real
       
          throwawayoldie wrote 13 hours 18 min ago:
          Boston?
       
          LeoPanthera wrote 15 hours 4 min ago:
          > Residents liked being able to listen in to the scanners.
          
          They're a public service funded by taxpayer dollars. Knowing what
          they're doing seems reasonable.
       
            beambot wrote 13 hours 51 min ago:
            Oversight & accountability are different from operational security.
            
            Leaving the radios unencrypted merely lends advantage to
            more-sophisticated bad actors.
       
              mulmen wrote 11 hours 18 min ago:
               How does one perform oversight of a police department if the
               comms are encrypted? Do I FOIA all the communications? How
               specific does that request have to be? Are the comms even
               recorded? How long are they retained? What happens when the
               recordings are "lost"?
       
                netsharc wrote 1 hour 12 min ago:
                Geez, this is a crazy take... as much as I hate corrupt police,
                monitoring their communication means disabling their ability to
                communicate with each other in secret.
                
                During the Munich 1972 olympics(1), terrorists took some
                Israeli athletes hostage, and then this happened:
                
                > Meanwhile, the terrorists learned from radio and television
                broadcasts that the police were approaching and had planned a
                rescue operation. The authorities had failed to cut off the
                terrorists' electricity and remove the press from the Olympic
                Village.
                
                If they did all that and the terrorists were able to listen to
                their radio, what's next? Is encryption allowed then? If they
                could enable it then, why not enable it all the time, "just in
                case"?
                
                1)
                
   URI          [1]: https://en.wikipedia.org/wiki/Munich_massacre
       
              protocolture wrote 13 hours 4 min ago:
              Its literally opsec for the bad actors, the cops, to more
              effectively terrorise the civilian population.
       
              jMyles wrote 13 hours 22 min ago:
              ...I'd like to see evidence for that claim.
              
              Much more likely is that the opacity of encryption lends
              advantage to the unsophisticated bad actors (ie, the 'official'
              ones).
              
              I think most of us, at least in the USA, are far more ready to
              take our chances with these hypothetical sophisticated bad actors
              than to reduce the real-time transparency of verified ones.
       
              LeoPanthera wrote 13 hours 29 min ago:
              But in the USA there is ample evidence that the police are often
              bad actors.
       
            hypercube33 wrote 14 hours 25 min ago:
            Many many years ago a buddy of mine loved listening to the
            scanners.
            
            One evening we are on AIM chatting and he explains what is going
            on: noise complaint at a house down the block (kids partying)
            
            He looks the address up and calls them to warn them and sits back
            to see if they do anything.
            
            sounds like they managed to bail before anyone showed up to the
            address.
       
              lukan wrote 11 hours 42 min ago:
              Huh?
              
               In Europe, when the police come to a loud party, they come and
               tell the people to please be quieter. (And if it is just
               minor kids, ask for an adult.) So if the party dispersed in panic
               before they even arrived .. problem solved for them?
               
               Or do the US police bust loud parties guns blazing in general?
       
                throw-qqqqq wrote 5 hours 6 min ago:
                > Or does the US police busts loud parties gun blazing in
                general?
                
                 Nah, but lots of these parties have kids below 21 (or
                 whatever the legal drinking age is). So they get fined or
                 arrested if caught, so they leg it.
                
                A friend attended a Chicago-suburb high school for a year
                (exchange student). Said he had to run from cops at private
                parties about a handful of times in that year, and that it was
                pretty normal in his group.
       
                sokoloff wrote 11 hours 30 min ago:
                Many times they’ll take an interest in underage drinking or
                recreational drug use, which the party attendees might prefer
                they didn’t get tagged for.
       
                  SoftTalker wrote 11 hours 9 min ago:
                  Also depends on which neighborhood and whose house it is.
       
              baby_souffle wrote 14 hours 18 min ago:
              Not all heros wear capes. Some of them keep their ears glued to
              the scanners...
       
                zdragnar wrote 13 hours 25 min ago:
                Now replace "kids" with gangs and other organized crime, and it
                makes a little more sense why they'd want to encrypt it.
       
                  MSFT_Edging wrote 1 hour 4 min ago:
                  uh huh
                  
   URI            [1]: https://en.wikipedia.org/wiki/Four_Horsemen_of_the_I...
       
                  asdffdasy wrote 2 hours 55 min ago:
                   You deserve neither freedom nor security! According to our
                   founding fathers.
       
                  radicaldreamer wrote 12 hours 39 min ago:
                   Gangs and organized crime have more sophisticated ways of
                   avoiding law enforcement.
       
                    tptacek wrote 12 hours 10 min ago:
                    Do they? What are they?
       
                      defrost wrote 11 hours 38 min ago:
                       Along with radicaldreamer's suggestions, it's also common to
                       be really effective at stonewalling police while on
                       secure wire cameras with audio recording, and to have very
                       good criminal lawyers on retainer. Also having patches
                       and wannabes who are prepared to scapegoat themselves.
                       
                       This isn't so much directly evading law enforcement, but
                       it's effective as it can easily cause police to take actions
                       that cause evidence and cases to be thrown out, raise
                       reasonable doubt, etc.
                      
                      Depleting resources and diversions are also relatively
                      common, creating a 'fake' public threat or hate crime to
                      investigate bleeds police resources away from ongoing
                      investigations, etc.
                      
                      The tango between gang squads and organized criminal
                      groups is an ongoing escalating battle. The EncroPhone
                      transcripts revealed a lot.
       
                      radicaldreamer wrote 12 hours 0 min ago:
                      Bribery is a common one, counterintelligence is another,
                      compromising people who are investigating them (or their
                      family members)
       
                  chillingeffect wrote 13 hours 12 min ago:
                  ...so the gangs will continue the crimes?
       
                    zdragnar wrote 11 hours 54 min ago:
                    So the organization can't alert each other when they hear
                    one of their locations or operations on dispatch.
       
            tptacek wrote 14 hours 59 min ago:
            
            
   URI      [1]: https://news.ycombinator.com/item?id=44830592
       
          cptskippy wrote 15 hours 7 min ago:
          San Diego?
       
          lazide wrote 16 hours 1 min ago:
          Previously you could hear what was going on in town - a degree of
          transparency around police.
          
          Now you can’t. For better or worse, eh?
       
            tptacek wrote 15 hours 32 min ago:
            Yeah, it's complicated! Europe goes the other way on this,
            apparently, so much so that it's headline news when someone comes
            up with cryptographic attacks on their police radios. Here, on the
            other hand, people committing crimes can (or could, a few months
            ago) just listen on their iPhones to see if anybody is on to them.
            
            The City of Chicago makes decrypted audio available, just on a 30
            minute delay. That's a sane compromise, I think.
       
              mulmen wrote 11 hours 16 min ago:
               Seems reasonable on the surface. Has anyone ever audited this?
               Are there gaps in the recordings? If the PD fails to reproduce
               the recordings, what are the consequences?
       
                lazide wrote 5 hours 49 min ago:
                If it ‘helps’, every police force was already using
                personal text messages/signal/etc for sensitive calls and
                discussions anyway.
       
              eru wrote 11 hours 54 min ago:
              > The City of Chicago makes decrypted audio available, just on a
              30 minute delay. That's a sane compromise, I think.
              
              It sounds sane!  Though I wonder if like body cams the decrypted
              channel will have mysterious malfunctions every so often when
              anything interesting happens?
       
              jMyles wrote 13 hours 21 min ago:
              At some point, this needs to turn a corner into real-time
              resistance, and massive community presence to assist regular
              people in asserting their rights.
              
              A 30-minute delay crushes that.
       
                tptacek wrote 12 hours 10 min ago:
                Most communities are far more victimized by property crime than
                they are by the police. Anti-police activists tend to premise
                their arguments on the idea that everybody opposes police
                intervention, but read transcripts of neighborhood meetings in
                Black neighborhoods: the more common complaint is that the
                police aren't responding and aren't taking their complaints
                seriously.
       
                  mulmen wrote 11 hours 15 min ago:
                  Does a 30 minute delay assist the police in preventing or
                  responding to property crime?
       
                    tptacek wrote 11 hours 2 min ago:
                    Yes? The concern is people committing crimes with the
                    scanner playing waiting to see if the police are on to
                    them.
                    
                    I don't care one way or another, but it's silly to say
                    there's no actual concern there, I think.
       
                      themafia wrote 3 hours 9 min ago:
                      > is people committing crimes with the scanner playing
                      waiting to see if the police are on to them
                      
                      That's ridiculous.  I've seen one police chief give this
                      testimony but I've seen no evidence anywhere or charges
                      levied anywhere showing it has actually occurred and I
                      can't actually parse out the criminal model.
                      
                      You have to assume that they _absolutely will always_
                      broadcast the location of burglaries on the radio.  They
                      could just not do that.  Perhaps they coordinate the
                      arrest using cellphones which is something that happens
                      all the time already.  Then your listening in has cost
                      you a person who could otherwise be stealing things and
                      may end up being a highly unreliable indicator of
                      imminent capture.  Then you have to be sure you leave
                      early enough and carefully enough that no one, not even
                      a neighbor's Ring camera, sees you leave the scene or
                      tracks your travel after the crime.
                      
                      That's not to say I haven't seen "criminals" use them.
                      Street takeovers will monitor traffic to frustrate
                      responding officers.  Cannonball run players will monitor
                      traffic to avoid speed traps.  I've also used them for
                      skip tracing when trying to find an officer who is also a
                      debtor; ironically, they often think themselves above
                      civil law enforcement and are notoriously hard to collect
                      on.
                      
                      Anyways, it really seems like a weak dodge from police
                      departments that would rather not be accountable to the
                      public.  Chicago is no exception.  Delays of
                      communications put control solely in their hands.  I
                      can't imagine a worse outcome.  It should be a third
                      party non-aligned agency that performs that task and it
                      should take a call from the governor to prevent them from
                      doing it.
       
                        lazide wrote 1 hour 20 min ago:
                        It’s a common trope in most Hollywood movies.
                        Probably, as you note, not actually common - but people
                        think it is, so it’s an easy out.
       
                      mulmen wrote 9 hours 26 min ago:
                      So the bad guys scope out a Hyundai or whatever and then
                      listen to the scanner for a while until they're confident
                      there are no cops in the area and then steal the car?  Is
                      it feasible to call in a distraction and listen for that?
                      
                      I'm not saying there's no concern.  I'm just not sure if
                      this 30 min delay is as effective as it sounds at first
                      glance.  My gut reaction has been wrong enough times in
                      my life that I have gotten in the habit of challenging my
                      own assumptions.
       
                        lazide wrote 5 hours 37 min ago:
                        Criminals generally don’t have that type of impulse
                        control. Ain’t nobody waiting 30 minutes to decide if
                        they’re going to steal a Hyundai.
       
              stevage wrote 13 hours 41 min ago:
              That's a great compromise.
       
          nonameiguess wrote 16 hours 35 min ago:
          I'll never forget 8 years ago someone managed to set off every
          tornado siren in Dallas for an entire Friday night, apparently
          because they're controlled by radio and the control signal was not
          encrypted, so the "hacker" just recorded it during a real alert and
          then played it back to attack the system.
       
            bilegeek wrote 13 hours 9 min ago:
            The majority of EAS equipment responds this way. That's why the
            tones are so strictly regulated on broadcasts.
            
   URI      [1]: https://docs.fcc.gov/public/attachments/DA-19-758A1.pdf
       
            andrewflnr wrote 15 hours 36 min ago:
            That might still work even with encryption, if they don't
            specifically prevent replay attacks.
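
The replay point above, as an added example that is not part of the thread:
an authenticated-and-encrypted control message is still replayable unless the
receiver tracks freshness. Nothing here is the Dallas siren system's or any EAS
protocol's real framing; the key, the counter layout, the ACTIVATE command and
the hash-based stand-in cipher are constructed assumptions (the replay argument
does not depend on which cipher is used).

```python
# Added example, not from the thread: an encrypted-and-authenticated control
# message is still replayable unless the receiver tracks freshness. Key,
# framing and command name are constructed assumptions; the keystream below is
# a hash-based stand-in for a real cipher mode.
import hashlib
import hmac
import struct

KEY = bytes(range(32))          # constructed pre-shared key (assumption)
COUNTER_LEN = 8                 # big-endian message counter, sent in clear
TAG_LEN = 32                    # HMAC-SHA256 tag


def _keystream(key: bytes, counter: int, length: int) -> bytes:
    """Per-message keystream derived from the key and counter (stand-in cipher)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QI", counter, block) + b"enc").digest()
        block += 1
    return out[:length]


def seal_command(key: bytes, counter: int, command: bytes) -> bytes:
    """Encrypt-then-MAC: the counter is bound into the tag so it cannot be edited."""
    header = struct.pack(">Q", counter)
    ct = bytes(p ^ k for p, k in zip(command, _keystream(key, counter, len(command))))
    tag = hmac.new(key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


class SirenReceiver:
    """Receiver that verifies the tag and, optionally, insists the counter increase."""

    def __init__(self, key: bytes, enforce_counter: bool):
        self.key = key
        self.enforce_counter = enforce_counter
        self.last_counter = -1   # a real unit must persist this across reboots
        self.activations = 0

    def receive(self, msg: bytes) -> str:
        if len(msg) < COUNTER_LEN + TAG_LEN:
            return "reject: short"
        header, ct, tag = msg[:COUNTER_LEN], msg[COUNTER_LEN:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"        # tampering, or wrong key
        (counter,) = struct.unpack(">Q", header)
        if self.enforce_counter and counter <= self.last_counter:
            return "reject: replayed counter %d" % counter
        command = bytes(c ^ k for c, k in zip(ct, _keystream(self.key, counter, len(ct))))
        self.last_counter = max(self.last_counter, counter)
        if command == b"ACTIVATE":
            self.activations += 1
            return "accept: siren on"
        return "accept: %r" % command


def replay_scenario(enforce_counter: bool) -> dict:
    """Controller sends one genuine alert; an attacker who recorded it replays
    it three times, then tries a bit-flipped copy; the controller then sends a
    fresh alert. Returns what the receiver did with each."""
    rx = SirenReceiver(KEY, enforce_counter)
    genuine = seal_command(KEY, 1, b"ACTIVATE")
    first = rx.receive(genuine)
    replays = [rx.receive(genuine) for _ in range(3)]
    tampered = bytearray(genuine)
    tampered[COUNTER_LEN] ^= 0x01       # flip one ciphertext bit
    tampered_result = rx.receive(bytes(tampered))
    fresh = rx.receive(seal_command(KEY, 2, b"ACTIVATE"))
    return {"first": first, "replays": replays, "tampered": tampered_result,
            "fresh": fresh, "activations": rx.activations}


if __name__ == "__main__":
    print("no freshness check:", replay_scenario(False))
    print("counter enforced:  ", replay_scenario(True))
```

With enforce_counter=False the recorded message is accepted every time it is
replayed (the tag still verifies, the plaintext still says ACTIVATE); with it
on, only the first copy and the fresh counter-2 message fire the siren. Two
caveats a practitioner would add: the receiver's last_counter must survive a
reboot, or a unit that forgets it will accept old recordings again, and a
broadcast to many receivers needs either one monotonic counter shared by all of
them or a signed timestamp with an acceptance window.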
       
          ronsor wrote 17 hours 13 min ago:
          And now they're going to be unencrypted again, but not by choice!
       
            tptacek wrote 16 hours 48 min ago:
            No, this story is about TETRA radios, which are used in Europe; I'm
            in Chicago, on Motorola's STARCOM (P25), which is ostensibly AES
            (it wouldn't be shocking to find vulnerabilities; in fact shocking
            not to, but it won't be as crazy as TETRA, which freelanced its
            entire encryption stack).
       
              raggi wrote 12 hours 37 min ago:
              "which is ostensibly AES" in the 5% or less of deployments that
              turn that on
              
              Both of the systems are crap. When we were evaluating them for
              nationwide purchase we chose TETRA because of systemic safety
              features (like local DMO handover modes for public safety use in
              noisy environments), but when I read their crypto choices I made
              screwy faces constantly; I wasn't in the slightest bit surprised
              when this research came out.
              
              I remember at the time some ex signals military folks trying to
              tell me that the encryption barely matters as the channel
              selection rate is so high you'd need multi-site intercepts to
              even make heads or tails of it; sadly they didn't really seem to
              understand how far SDR and compute has come. The whole experience
              to this day flavors a lot of how I think about military and telco
              thinking around the whole space; everything touching that
              boundary feels infected with oldthink.
       
                fc417fc802 wrote 4 hours 28 min ago:
                > everything touching that boundary feels infected with
                oldthink.
                
                I'd guess that's due to the expense of the equipment and all
                the regulations coupled with the lack of immediate usefulness
                to a casual hobbyist. Without the sort of vibrant wild west
                ecosystem that FOSS provides innovation happens much more
                slowly and most of the participants will be entrenched.
       
              colmmacc wrote 16 hours 41 min ago:
              I listened to your great podcast and the remark along the lines
              of "unencrypted police comms let the robbers know when the police
              are getting close" made me wonder if anyone has built a simple
              signal intensity detector for the encrypted radios. You don't
              need to hear the contents to know that the radios are closing in
              on you. I can't imagine police forces practice RF silence like
              special forces do.
              
              It really would be better to hide in the noise of 5G.
       
                nullc wrote 15 hours 11 min ago:
                >  the remark along the lines of "unencrypted police comms let
                the robbers know when the police are getting close"
                
                Criminals sophisticated enough to do that are usually not going
                to get caught regardless, encryption or no, and are generally
                savvy enough to not make themselves a serious threat to public
                comfort and order.
                
                I don't think it's a long reach to say that the public may be
                better off with more ability to monitor police activity at a
                cost of being weaker against that kind of criminal.
       
                  tptacek wrote 15 hours 3 min ago:
                  I think that was truer 15 years ago, but every criminal now
                  carries a police scanner with them (in the form of a phone),
                  and the residents in my area who most avidly follow police
                  scanners are not the most technical people in the area.
                  
                  (Having said all that, our muni voted against encrypting
                  radios; we lost 2-1 in a vote with the 2 other munis we share
                  dispatch with).
                  
                  Unless you're talking about criminals doing traffic analytic
                  RF attacks, in which case, I agree, who cares?
       
                jasonjayr wrote 16 hours 5 min ago:
                [1] For about $700, you can get some pre-made kit to use SDR
                to do radio direction finding.  IIRC this device uses the same
                chips as a RTL-SDR, but it uses 4-5 of them, all synchronized,
                and has a signal emitter for calibration, and a nice web UI to
                report the data.
                
                (I have not used it, but I've been learning about all sorts of
                neat radio products as I'm dabbling and learning about SDR)
                
   URI          [1]: https://www.krakenrf.com/
       
                  nullc wrote 15 hours 8 min ago:
                  No current ability to track trunked radio units, though
                  arguably that's 'just a software problem'.
                  
                  I have one and have found it to be quite easy to hunt down
                  ham repeaters that you can get to transmit more or less
                  non-stop... but relatively hard to use for intermittent
                  transmitters.
                  
                  I need to see if I can figure out how to plug in my GNSS
                  compass output because inferring orientation from motion
                  requires an awful lot of moving around and is less reliable
                  than I'd like.
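
Added example, not from the thread and not KrakenRF's code, of the
direction-finding step a coherent multi-channel receiver like the kit above
performs: a Bartlett (delay-and-sum) beamformer run over constructed samples
from a 4-element linear array. The array geometry, the test tone, the noise
level, the perfect inter-channel phase alignment and the to_compass sign
convention are all assumptions; the kit's actual array and algorithm are not
described on this page.

```python
# Added example, not from the thread or from KrakenRF: turning per-channel
# samples from a coherent array into a bearing. Everything is constructed: a
# 4-element uniform linear array at half-wavelength spacing, a narrowband tone
# from a chosen angle, and Gaussian noise. Standard library only.
import cmath
import math
import random


def steering_vector(theta_deg: float, n_elements: int, spacing_wl: float = 0.5):
    """Array response to a plane wave from theta (degrees off broadside):
    element m sees an extra phase of 2*pi*d*m*sin(theta), d in wavelengths."""
    phase = 2 * math.pi * spacing_wl * math.sin(math.radians(theta_deg))
    return [cmath.exp(-1j * phase * m) for m in range(n_elements)]


def simulate_snapshots(theta_deg, n_elements, n_snapshots, noise_sigma, seed=1):
    """Constructed data: one unit-amplitude tone from theta_deg plus complex
    Gaussian noise, as coherently sampled channels would see it. Real hardware
    also needs the channels phase-calibrated (assumption: that is what the
    kit's calibration emitter is for); here they are perfectly aligned."""
    rng = random.Random(seed)
    a = steering_vector(theta_deg, n_elements)
    snaps = []
    for n in range(n_snapshots):
        s = cmath.exp(1j * 2 * math.pi * 0.05 * n)
        snaps.append([s * a[m] + complex(rng.gauss(0, noise_sigma), rng.gauss(0, noise_sigma))
                      for m in range(n_elements)])
    return snaps


def covariance(snaps):
    """Sample spatial covariance R = (1/N) sum x x^H."""
    n_el = len(snaps[0])
    R = [[0j] * n_el for _ in range(n_el)]
    for x in snaps:
        for i in range(n_el):
            for j in range(n_el):
                R[i][j] += x[i] * x[j].conjugate()
    return [[R[i][j] / len(snaps) for j in range(n_el)] for i in range(n_el)]


def bartlett_spectrum(R, n_elements):
    """Bartlett spectrum P(theta) = a(theta)^H R a(theta) on a 1-degree grid
    from -90 to +90. A linear array cannot tell theta from 180-theta; that
    front/back ambiguity is one reason DF kits use circular arrays."""
    spectrum = []
    for deg in range(-90, 91):
        a = steering_vector(deg, n_elements)
        Ra = [sum(R[i][j] * a[j] for j in range(n_elements)) for i in range(n_elements)]
        power = sum(a[i].conjugate() * Ra[i] for i in range(n_elements)).real
        spectrum.append((deg, power))
    return spectrum


def estimate_bearing(snaps) -> int:
    """Relative bearing (degrees off array broadside) of the strongest arrival."""
    n_elements = len(snaps[0])
    spectrum = bartlett_spectrum(covariance(snaps), n_elements)
    return max(spectrum, key=lambda point: point[1])[0]


def to_compass(array_heading_deg: float, relative_deg: float) -> float:
    """Absolute bearing needs the array's own heading (the GNSS compass /
    motion-inference problem). Assumes positive theta is clockwise from the
    array's broadside heading."""
    return (array_heading_deg + relative_deg) % 360


if __name__ == "__main__":
    snaps = simulate_snapshots(30.0, 4, 256, 0.1)
    rel = estimate_bearing(snaps)
    print("relative bearing:", rel, "deg; compass bearing:", to_compass(350, rel))
```

The spectrum peak lands on the injected angle because the steering vector used
for simulation and for scanning share one phase convention; on real hardware
that agreement is exactly what the calibration step has to establish, and a
transmitter that keys up for half a second gives you few snapshots to average
the covariance over, which is why intermittent transmitters are harder than a
repeater that talks non-stop.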
       
                mystraline wrote 16 hours 24 min ago:
                I have a BT scanner app for my phone. "BLE Radar".
                
                I have a detection on there for the MAC address "00:25:DF:*".
                That's the MAC OUI prefix for Taser International.
                
                I keep it on while driving, because the badgecams and hardware
                in cop cars spurts this out regularly. So even unmarked cars
                show themselves.
       
                buildbot wrote 16 hours 27 min ago:
                I’ve long wanted to do this with an SDR and maybe some simple
                ML, build a dataset by driving by cars/things with frequencies
                of interest.
                
                Now I wonder if you can fingerprint antennas…
       
                  dumah wrote 16 hours 0 min ago:
                  You can fingerprint transmitters.
                  
                  Antennas would be much more difficult and likely moot.
                  
   URI            [1]: https://arxiv.org/html/2402.06250v1
       
                    mindcrime wrote 13 hours 17 min ago:
                    Some transmitters have such a distinct sound that you can
                    identify them with just your unassisted human hearing. Back
                    in my firefighting days, I remember that certain trucks or
                    stations had transmitters where you could identify them
                    from the half second or so of "hum" between the time
                    somebody keyed up the mic and the time they started
                    talking. Using ML / signal processing stuff on a computer,
                    yeah, you can probably get pretty fine grained at
                    discriminating these things.
       