[ISN] Penn researchers work to make federal agents' radios more secure

From: InfoSec News <alerts_at_nospam>
Date: Tue Sep 20 2011 - 05:25:02 GMT
To: isn@infosecnews.org

http://www.philly.com/philly/health_and_science/130094458.html

By Tom Avril
Inquirer Staff Writer
Sept. 19, 2011

When a team of University of Pennsylvania computer scientists set out to
test the security of the encrypted two-way radios widely used by federal
agents, they were in for an unnerving surprise:

For a small but significant part of the time, the radio traffic was not
even encrypted.

All they had to do was turn on a store-bought receiver and they could
hear agents discussing the identities of undercover agents and
informants, locations of surveillance targets, and other sensitive
details, the researchers reported in a study last month.

In one three-month period, the team said it picked up this kind of
traffic for 23 minutes a day, on average, in several unidentified cities
where listening posts were set up.

The researchers, who won an award for their paper at a national
conference, are working with law enforcement agencies to alleviate
problems through software tweaks and training. But they said they also
identified other security flaws with the radios that may be harder to
fix.

With a bit of technical know-how, they were able to jam radio
transmissions using a modified toy - an instant-messaging device
designed for preteens. In addition, by using a radio to send out
unobtrusive "pings," they were able to track the location of all radios
tuned to a given frequency, as well as the federal agency the users
worked for.

"It's like Harry Potter's Marauder's Map," said lead author Sandy Clark,
referring to the magical parchment that reveals the location of anyone
at Hogwarts School.

[...]

_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/

This message: [ Message body ]
Next message: InfoSec News: "[ISN] DigiNotar Hacked Out Of Business"
Previous message: InfoSec News: "[ISN] Japan's biggest defence contractor hit by hackers"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]