
Researchers at the University of Pennsylvania recently published a report on the security vulnerabilities of the P25 digital radio protocol.  Everyone who is responsible for management or procurement of digital public-safety radio should be aware of the issues identified in this study.

Click here to read the University of Pennsylvania study:  Security Weaknesses in the APCO Project 25 Two-Way Radio System

Three years ago I wrote about the vulnerability of digital trunked radio systems to terrorist attack.  (Click here to read the article.)  Unfortunately, I didn’t have the knowledge or resources to conduct a comprehensive analysis of the issue.  The researchers at the University of Pennsylvania recently completed a thorough investigation into the problem.  It is worse than I suspected.

Here are some excerpts from the University study:

“We find a number of protocol, implementation, and user interface weaknesses that can leak information to a passive eavesdropper and that facilitate active attacks. In particular, P25 systems are highly susceptible to active traffic analysis attacks, in which radio user locations are surreptitiously determined, and selective jamming attacks, in which an attacker can jam specific kinds of traffic (such as encrypted messages or key management traffic).”

“P25 uses a narrowband (C4FM in Phase 1 systems) modulation scheme designed to fit into channels compatible with the current spectrum management practices for two-way land mobile radio. Unfortunately, although this was a basic design constraint, it not only denies P25 systems the jamming resistance of digital spread spectrum systems, it actually makes them more vulnerable to denial of service than the analog systems they replace. The P25 protocols also permit potent new forms of deliberate interference, such as selective attacks that induce security downgrades, a threat that is exacerbated by usability deficiencies in current P25 radios.”

Some manufacturers are taking P25 security measures into their own hands by implementing proprietary security schemes.  This contributes to the problem of interoperability between radios made by different manufacturers, and sometimes between different products made by the same company.

The security vulnerabilities will hasten the obsolescence of P25 technology.