I’ve considered the merits of posting this information in view of its potentially sensitive content. The following information is available from numerous sources other than this website. I believe the benefit of making public safety officials aware of the extremely serious nature of this problem outweighs the risk of publication on my blog. The problems will be corrected only after we recognize they exist.
Two Australian security researchers, Stephen Glass and Matt Robert, have published a paper that details flaws in the encryption implementation (PDF) in the APCO Project 25 digital radio standard, used by emergency services and police departments worldwide. The paper details flaws in the DES-OFB and ADP encryption that enable the encryption key to be recovered by traditional brute-force key searching. Also detailed is a Denial of Service (DoS) attack that makes use of the unauthenticated radio inhibit mechanism. The research is part of the OP25 project, which uses GNU Radio to implement a P25 stack using software-defined radio. With this solution in place, the researchers were able to do detailed analysis of the traffic coming from various radio systems and to transmit to and receive from P25 radios in their lab.