The P25 security features, in which voice traffic can be encrypted with a secret key to frustrate unauthorized eavesdropping, are used to protect sensitive communications in surveillance and other tactical law enforcement, military and national security operations. Because radio signals are inherently easy to detect and intercept, encryption is the primary mechanism used to secure sensitive P25 traffic.
Our analysis found significant -- and exploitable -- security deficiencies in the P25 standard and in the products that implement it. These weaknesses, which apply even when encryption is properly configured, leak data about the identity of transmitting radios, enable active tracking and direction finding of idle (non-transmitting) users, allow highly efficient (low-energy) malicious jamming and denial of service, and permit injection of unauthenticated traffic into secured channels.
Unfortunately, many of these vulnerabilities result from basic design flaws in the P25 protocols and products, and, until the standard is changed and products are upgraded, cannot be effectively defended against by end users or P25 system administrators. While we are unaware of incidents of criminals carrying out the active attacks we discovered, the hardware resources required to conduct them are relatively modest. As technology advances, these attacks will demand increasingly fewer resources and less sophistication to carry out.
However, in addition to active attacks against P25, we also discovered a serious practical problem that can be exploited easily today against fielded P25 systems: a significant fraction of sensitive traffic that users believe is encrypted is actually being sent in the clear. In the metropolitan areas we sampled, we intercepted literally thousands of unintended clear transmissions each day, often revealing highly sensitive tactical, operational, and investigative data.
In every tactical system we monitored, encryption was available and enabled in the radios' configurations (and, indeed, was used correctly for the majority of traffic). Yet among the encrypted traffic were numerous sensitive transmissions sent in the clear, without their users' apparent knowledge. Virtually every agency using P25 security features appears to suffer from frequent unintended clear transmission, including federal law enforcement and security agencies that conduct operations against sophisticated adversaries.
This unintended clear sensitive traffic can be monitored easily by anyone in radio range, including surveillance targets and other adversaries, using only readily available, inexpensive, unmodified off-the-shelf equipment, including many of the latest generation of "scanner" radios aimed at the hobby market. Unintended cleartext therefore represents a serious practical threat to communications security for agencies that rely on P25 encryption.
P25 encryption usability deficiencies
As noted in our paper, we found two distinct causes for unintended sensitive cleartext in federal P25 systems, each accounting for about half the clear transmissions we intercepted: