Risky Business #178 -- Bricking police radios with P25 vulnerabilities

Stephen Glass of OP25 summarises the project's research...
25 Nov 2010 » Risky Business

On this week's show we're joined by Stephen Glass of the OP25 project.

P25, also known as Project 25 or APCO 25, is a wireless protocol used by federal, state and local agencies all over the world. It's what drives police and fire service radios, for example.

Perhaps not surprisingly, there are some problems with the way P25 handles encryption. It relies on the antiquated DES standard, for example, and the key is relatively easy to brute force.

But there was one finding in the talk that knocked everyone's socks off. As it turns out, it's possible to remotely disable P25 radios. The operators of P25 networks can remotely brick any radio on their system. The funny part -- the genuinely hysterical part -- is that there's no authentication whatsoever on that command.

Just issue a kill command with the radio's ID in it and it's bricked, and as every transmission broadcasts each radio's ID, that's a real problem.

Also on this week's show, Symantec's Liam O'Murchu drops in to discuss his work on the Stuxnet worm -- that's this week's sponsor interview. And Adam Boileau is back in the news seat for a look at the week's news headlines.

WARNING: I didn't edit out ALL the bad language this week... missed a couple of "F-Bombs"... Just an FYI