NSA on the Cheap

Last year, we discovered a number of protocol weaknesses in P25, a “secure” two-way radio system used by, among others, the federal government to manage surveillance and other sensitive law enforcement and intelligence operations. Although some of the problems are quite serious (efficient jamming, cryptographic failures, vulnerability to active tracking of idle radios, etc.), many of these vulnerabilities require an active attacker who is able and willing to risk transmitting. So we also examined passive attacks, where all the attacker needs to do is listen, exploiting usability and key management errors when they occur. And then we built a multi-city networked P25 interception infrastructure to see how badly the P25 security protocols do in practice (spoiler: badly).

This talk will describe the P25 protocols and how they failed, but will focus on the architecture and implementation of our interception network. We used off-the-shelf receivers (with some custom software) deployed around various US cities, capturing virtually every sensitive, but unintentionally clear, transmission (and associated metadata) sent by federal agents in those cities. And by systematically analyzing the captured data, we often found that the whole was much more revealing than the sum of the parts.