Thinking about the FBI CI comms / Russia story some more (and chatting with some folks), I think most (but not all) of both the radio compromise and the PTT phone app compromise can be explained by systematic exploitation of known vulnerabilities.
For the radio stuff, we found (and published in 2011) attacks against P25 encrypted communication that exploit the ways the protocol aggressively leaks metadata. See https://www.mattblaze.org/papers/p25sec.pdf. Our paper does not explain how to recover encrypted voice traffic, however.
Key management in P25 is a mess, and I would be unsurprised if there were attacks against things like the key generation scheme used in, say, Motorola's key-loaders. But I don't know of any specific weaknesses here.
For the phone app attacks, remember that smartphone handsets leak all sorts of unencrypted metadata - IMSI on the cellular network, but also wifi and bluetooth MAC addresses. Systematically collecting this is easy and would identify agents following you over time.
Once identified, this metadata also provides useful information for targeting those handsets with more active attacks (at some risk of alerting them, but that's a typical tradeoff in intelligence).
Basically, systematic application of well known techniques (well within reach of a university, let alone a state actor) is sufficient to explain the traffic analysis of both the FBI's radios and its smartphone PTT app. Encrypted voice recovery is left as an exercise to the TLA.
BTW, a sub-scoop in the Yahoo story was the existence of the FBI PTT app, which I've never seen any public reference to. (It basically replaces the old Nextel system, which the FBI and other fed LE were heavy users of).
Anyway, the key difference between the Russians and some nerd with a scanner here isn't so much budget or tech ability, but willingness and motivation to be extremely systematic in what's collected and analyzed.
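The "systematic collection" the thread describes is, concretely, co-traveler analysis: log every unencrypted identifier (Wi-Fi MAC, Bluetooth MAC, IMSI) seen near you at each place you stop, then look for identifiers that keep turning up at stops where a random bystander would not. The following is an added example, not code from the thread or its author; the itinerary and sightings are constructed sample data, the site names and the `min_stops` threshold are assumptions, and the one hardening caveat it handles (dropping randomized MACs, which set the locally administered bit in the first octet) is a general property of MAC addresses rather than anything the thread states.

```python
from collections import defaultdict
from datetime import datetime


def ts(s):
    """Parse a constructed 'YYYY-MM-DD HH:MM' timestamp."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample data (assumption, not from the thread): where the person
# under surveillance was, as (site, start, end). Site names are arbitrary.
TARGET_STOPS = [
    ("cafe",    ts("2019-09-10 09:00"), ts("2019-09-10 09:30")),
    ("office",  ts("2019-09-10 10:00"), ts("2019-09-10 10:30")),
    ("lunch",   ts("2019-09-10 12:00"), ts("2019-09-10 12:30")),
    ("transit", ts("2019-09-10 14:00"), ts("2019-09-10 14:30")),
]

# Constructed passive sightings: (timestamp, site, kind, identifier).
# kind is "wifi" (probe-request source MAC), "bt" (BD_ADDR) or "imsi".
SIGHTINGS = [
    # A handset that shows up at every stop: the follower.
    (ts("2019-09-10 09:05"), "cafe",    "wifi", "a8:bb:cc:00:00:01"),
    (ts("2019-09-10 10:10"), "office",  "wifi", "a8:bb:cc:00:00:01"),
    (ts("2019-09-10 12:15"), "lunch",   "wifi", "a8:bb:cc:00:00:01"),
    (ts("2019-09-10 14:20"), "transit", "wifi", "a8:bb:cc:00:00:01"),
    # A second device (Bluetooth) at three of four stops.
    (ts("2019-09-10 09:10"), "cafe",    "bt",   "11:22:33:44:55:66"),
    (ts("2019-09-10 12:05"), "lunch",   "bt",   "11:22:33:44:55:66"),
    (ts("2019-09-10 14:05"), "transit", "bt",   "11:22:33:44:55:66"),
    # A bystander seen once.
    (ts("2019-09-10 09:15"), "cafe",    "wifi", "a8:bb:cc:00:00:02"),
    # A randomized (locally administered) MAC: 0xda has bit 0x02 set.
    # Phones rotate these, so the same value at four stops is not a stable
    # identity and is dropped rather than scored.
    (ts("2019-09-10 09:20"), "cafe",    "wifi", "da:11:22:33:44:55"),
    (ts("2019-09-10 10:20"), "office",  "wifi", "da:11:22:33:44:55"),
    (ts("2019-09-10 12:20"), "lunch",   "wifi", "da:11:22:33:44:55"),
    (ts("2019-09-10 14:10"), "transit", "wifi", "da:11:22:33:44:55"),
    # An IMSI at two stops: below the threshold used here.
    (ts("2019-09-10 10:05"), "office",  "imsi", "310260000000001"),
    (ts("2019-09-10 14:10"), "transit", "imsi", "310260000000001"),
    # Right site, wrong time: the target had already left.
    (ts("2019-09-10 11:00"), "cafe",    "wifi", "a8:bb:cc:00:00:03"),
]


def is_locally_administered(mac):
    """True if the MAC's U/L bit (0x02 in the first octet) is set.
    Randomized Wi-Fi/BT addresses set this bit; burned-in ones do not."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def co_travelers(sightings, stops, min_stops=3):
    """Rank identifiers by how many distinct target stops they were seen at,
    counting a sighting only if it falls inside the stop's time window.
    Returns [(identifier, kind, stops_seen), ...] for identifiers at or above
    min_stops, most-seen first."""
    seen_at = defaultdict(set)
    kind_of = {}
    for when, site, kind, ident in sightings:
        if kind in ("wifi", "bt") and is_locally_administered(ident):
            continue  # rotating address, not a stable identity
        for stop_site, start, end in stops:
            if site == stop_site and start <= when <= end:
                seen_at[ident].add(stop_site)
                kind_of[ident] = kind
    ranked = [(ident, kind_of[ident], len(sites))
              for ident, sites in seen_at.items() if len(sites) >= min_stops]
    ranked.sort(key=lambda r: (-r[2], r[0]))
    return ranked


if __name__ == "__main__":
    for ident, kind, n in co_travelers(SIGHTINGS, TARGET_STOPS):
        print(f"{kind:4s} {ident:20s} seen at {n}/{len(TARGET_STOPS)} stops")
```

The threshold is the whole game: with a handful of stops a bystander will occasionally match two, so the analyst raises `min_stops` (or, over days of data, scores by how improbable the overlap is) rather than trusting a single day. The randomized-MAC filter is the mirror image of the defence: a phone that rotates its Wi-Fi and Bluetooth addresses per network and per session gives this analysis nothing stable to correlate, which is why the IMSI, which the handset cannot randomize, remains the valuable identifier.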
And their access to finer forms of herring