Allow me to speculate massively. Hiss sounds more like weak signal acquisition. Perhaps in this case, Mitnick was interfering but not defeating encryption.
And on a related note, for anyone who is interested in listening in on any local P25 transmissions, you can do so in a fairly inexpensive manner, using an RTL-SDR dongle and the Open Source op25[3] software package. No listening to encrypted traffic, but IME, many (maybe most) public safety agencies keep most of their traffic in the clear. More so for fire/ems traffic. Law enforcement is more likely to be encrypted, but even then, I find that many jurisdictions only encrypt a small number of channels, like maybe a dedicated vice/narc squad channel, SWAT team channel, etc. General LE dispatch and tac channels are still in the clear in many areas.
[1]: https://en.wikipedia.org/wiki/Project_25
[2]: https://www.reddit.com/r/tacticalgear/comments/1f4d5dr/psa_p...
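As an added illustration of what a P25 decoder such as op25 has to do first with the bit stream it gets from the RTL-SDR, the block below locates P25 Phase 1 frames by their 48-bit frame sync word and reads the NAC and DUID from the NID that follows. This is example code written for this page, not op25's own code; the sync word, NID layout and DUID values are from the P25 Phase 1 common air interface, while the input stream is constructed inline and the BCH parity bits of the NID are left unchecked (a simplification).

```python
# Locating P25 Phase 1 frames in a demodulated bit stream (added example, not op25 code).
# Scans for the 48-bit frame sync word, tolerating a few bit errors, then reads the
# 12-bit NAC and 4-bit DUID that lead the 64-bit NID. BCH parity is not verified here.

import random

FRAME_SYNC = 0x5575F5FF77FF   # P25 Phase 1 frame sync word, 48 bits
FRAME_SYNC_BITS = 48
NID_BITS = 64                 # 16 information bits (NAC + DUID) followed by BCH/parity bits

DUID_NAMES = {
    0x0: "HDU (header data unit)",
    0x3: "TDU (terminator, no link control)",
    0x5: "LDU1 (logical link data unit 1)",
    0x7: "TSDU (trunking signaling data unit)",
    0xA: "LDU2 (logical link data unit 2)",
    0xC: "PDU (packet data unit)",
    0xF: "TDULC (terminator with link control)",
}


def int_to_bits(value, width):
    """Most-significant bit first, as transmitted over the air."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def bits_to_int(bits):
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def find_frame_syncs(bits, max_errors=2):
    """Offsets where the sync word appears with at most max_errors bit errors
    and a full NID fits after it."""
    sync = int_to_bits(FRAME_SYNC, FRAME_SYNC_BITS)
    hits = []
    for i in range(len(bits) - FRAME_SYNC_BITS - NID_BITS + 1):
        errors = 0
        for j in range(FRAME_SYNC_BITS):
            if bits[i + j] != sync[j]:
                errors += 1
                if errors > max_errors:
                    break
        if errors <= max_errors:
            hits.append(i)
    return hits


def parse_nid(bits, sync_offset):
    """NAC (12 bits) and DUID (4 bits) are the first 16 bits of the NID after the sync."""
    start = sync_offset + FRAME_SYNC_BITS
    nac = bits_to_int(bits[start:start + 12])
    duid = bits_to_int(bits[start + 12:start + 16])
    return nac, duid, DUID_NAMES.get(duid, "reserved/unknown DUID")


def decode_stream(bits, max_errors=2):
    """(offset, nac, duid, duid_name) for every frame found in the stream."""
    return [(off,) + parse_nid(bits, off) for off in find_frame_syncs(bits, max_errors)]


def build_test_stream(nac, duid, seed=7):
    """Constructed sample stream: random bits, one sync word plus NID, more random bits.
    The NID parity field is left as zeros, so it is not a valid BCH codeword; it is
    only there to give the parser the right layout."""
    rng = random.Random(seed)
    noise = lambda n: [rng.randint(0, 1) for _ in range(n)]
    nid = int_to_bits(nac, 12) + int_to_bits(duid, 4) + [0] * (NID_BITS - 16)
    return noise(100) + int_to_bits(FRAME_SYNC, FRAME_SYNC_BITS) + nid + noise(50)


if __name__ == "__main__":
    stream = build_test_stream(nac=0x293, duid=0x5)   # 0x293 is the P25 default NAC
    for offset, nac, duid, name in decode_stream(stream):
        print(f"frame at bit {offset}: NAC=0x{nac:03x} DUID=0x{duid:x} ({name})")
```

Whether a given call is encrypted is not visible at this level: it is signaled per call by the ALGID in the header data unit and LDU2 encryption sync (0x80 means clear), which a real decoder reads after error-correcting those fields. That is why a scanner can still show you the NAC and talkgroups of an encrypted system while the voice itself stays silent.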
And note that since it is an active attack that requires the attacker to transmit, it opens up the possibility of the attacker giving up their own location in turn.
My take is that it's fun to think about, but largely lacking in real world applicability in most situations.
Thinking out loud... an RTL-SDR dongle costs like $35.00 or so (well maybe more now due to tariffs, I haven't bought one in a while), plenty of relevant software is open source (GNURadio etc.), drones are cheap, small solar panels are fairly inexpensive. Hmm... I almost think a motivated individual (or small group of individuals) could piece together a rather capable "distributed monitoring/alert" system.
Not that I'm encouraging anyone to do such a thing, of course.
If anything, it's the most basic of "wireless site survey" applications.
FuzzyDunlop has graduated to HissyMarconi in The Wire season 12 :)
They're a public service funded by taxpayer dollars. Knowing what they're doing seems reasonable.
One evening we are on AIM chatting and he explains what is going on: noise complaint at a house down the block (kids partying)
He looks the address up and calls them to warn them and sits back to see if they do anything.
Sounds like they managed to bail before anyone showed up to the address.
This isn't so much directly evading law enforcement, but it's effective as it can easily cause police to take actions that cause evidence and cases to be thrown out, raise reasonable doubt, etc.
Depleting resources and diversions are also relatively common, creating a 'fake' public threat or hate crime to investigate bleeds police resources away from ongoing investigations, etc.
The tango between gang squads and organized criminal groups is an ongoing escalating battle. The EncroPhone transcripts revealed a lot.
In Europe when the police come to a loud party, they come and tell the people to please be quieter. (And if it is just minor kids, ask for an adult.) So if the party dispersed in panic before they even arrived .. problem solved for them?
Or do the US police bust loud parties guns blazing in general?
Nah, but lots of these parties have kids below 21 (or whatever the legal drinking age is). So they get fined or arrested if caught, so they leg it.
A friend attended a Chicago-suburb high school for a year (exchange student). Said he had to run from cops at private parties about a handful of times in that year, and that it was pretty normal in his group.
Leaving the radios unencrypted merely lends advantage to more-sophisticated bad actors.
Much more likely is that the opacity of encryption lends advantage to the unsophisticated bad actors (i.e., the 'official' ones).
I think most of us, at least in the USA, are far more ready to take our chances with these hypothetical sophisticated bad actors than to reduce the real-time transparency of verified ones.
Now you can’t. For better or worse, eh?
The City of Chicago makes decrypted audio available, just on a 30 minute delay. That's a sane compromise, I think.
It sounds sane! Though I wonder if like body cams the decrypted channel will have mysterious malfunctions every so often when anything interesting happens?
A 30-minute delay crushes that.
I don't care one way or another, but it's silly to say there's no actual concern there, I think.
I'm not saying there's no concern. I'm just not sure if this 30 min delay is as effective as it sounds at first glance. My gut reaction has been wrong enough times in my life that I have gotten in the habit of challenging my own assumptions.
It really would be better to hide in the noise of 5G.
I have a detection on there for the MAC address "00:25:DF:*". That's the MAC OUI prefix for Taser International.
I keep it on while driving, because the badgecams and hardware in cop cars spurts this out regularly. So even unmarked cars show themselves.
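The OUI watchlist the commenter describes is easy to reproduce over any capture that prints MAC addresses. The block below is an added example written for this page, not the commenter's tool: it normalizes the address formats capture tools emit, skips locally administered (randomized) MACs that carry no vendor OUI, and flags the 00:25:DF prefix the comment attributes to Taser International. The sample capture lines are constructed here, and the field names in them are invented for the example.

```python
# OUI watchlist scanner over free-form capture lines (added example).
# Assumes the vendor attribution for 00:25:DF stated in the thread; the log format is invented.

import re

WATCHLIST = {"00:25:df": "Taser International"}   # OUI -> vendor, as stated in the thread

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

# Matches aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff and Cisco-style aabb.ccdd.eeff inside a line.
MAC_IN_LINE = re.compile(
    r"(?i)\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b|\b(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}\b"
)


def normalize_mac(raw):
    """Return the address as lowercase aa:bb:cc:dd:ee:ff, or None if it is not a MAC."""
    hexdigits = re.sub(r"[:\-.]", "", raw.strip().lower())
    if not _HEX12.match(hexdigits):
        return None
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """Randomized/privacy MACs set the U/L bit (0x02 of the first octet); they carry no vendor OUI."""
    return int(mac[0:2], 16) & 0x02 != 0


def oui(mac):
    return mac[0:8]


def match_oui(mac, watchlist=WATCHLIST):
    """Vendor name if the OUI is on the watchlist, else None."""
    if is_locally_administered(mac):
        return None
    return watchlist.get(oui(mac))


def scan_lines(lines, watchlist=WATCHLIST):
    """(line_no, normalized_mac, vendor) for every watchlisted address seen."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for m in MAC_IN_LINE.finditer(line):
            mac = normalize_mac(m.group(0))
            vendor = match_oui(mac, watchlist) if mac else None
            if vendor:
                hits.append((line_no, mac, vendor))
    return hits


# Constructed sample capture lines; formats chosen to exercise each MAC notation.
SAMPLE_LINES = [
    "12:01:03 probe-req src=00:25:DF:12:34:56 rssi=-61",
    "12:01:04 probe-req src=3c:22:fb:01:02:03 rssi=-70",
    "12:01:05 beacon bssid=0025.df98.7654 rssi=-55",
    "12:01:06 probe-req src=00-25-DF-00-11-22 rssi=-80",
    "12:01:07 probe-req src=da:a1:19:00:11:22 rssi=-75",   # locally administered (randomized)
]


if __name__ == "__main__":
    for line_no, mac, vendor in scan_lines(SAMPLE_LINES):
        print(f"line {line_no}: {mac} -> {vendor}")
```

An OUI hit only tells you that a radio from that vendor's address block is transmitting nearby, so the usual check before trusting such an alert is to confirm the OUI against the current IEEE registry and to remember that most phones now randomize their MAC, which is exactly why the locally administered bit is filtered out above rather than matched.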
For about $700, you can get some pre-made kit to use SDR to do Radio direction finding. IIRC this device uses the same chips as a RTL-SDR, but it uses 4-5 of them, all synchronized and has a signal emitter for calibration, and a nice web ui to report the data.
(I have not used it, but I've been learning about all sorts of neat radio products as I'm dabbling and learning about SDR)
I have one and have found it to be quite easy to hunt down ham repeaters that you can get to transmit more or less non-stop... but relatively hard to use for intermittent transmitters.
I need to see if I can figure out how to plumb in my GNSS compass output, because inferring orientation from motion requires an awful lot of moving around and is less reliable than I'd like.
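The two comments above describe a coherent multi-receiver direction finder and the problem of turning its relative bearing into a map bearing from a compass. As an added example (not the kit's firmware, which is not named here), the block below runs the simplest array DoA method, a Bartlett beamscan, over a constructed five-channel capture from a uniform linear array with half-wavelength spacing, then fuses the result with a heading the way the GNSS-compass comment wants. The array geometry, spacing, SNR and the sign convention "positive DoA is clockwise of boresight" are all assumptions of the example; the channels are assumed already phase-calibrated, which is what the kit's calibration emitter is for.

```python
# Array direction finding with a Bartlett beamscan (added example, not the kit's code).
# Pure Python so it runs without numpy; geometry, SNR and sign convention are assumptions.

import cmath
import math
import random

N_ELEMENTS = 5   # the thread's kit has 4-5 coherent receivers; five are assumed here
SPACING = 0.5    # element spacing in wavelengths (assumption)


def steering_vector(theta_deg, n=N_ELEMENTS, spacing=SPACING):
    """Relative phase a plane wave from theta (degrees off broadside) presents on each element."""
    theta = math.radians(theta_deg)
    return [cmath.exp(-2j * math.pi * spacing * k * math.sin(theta)) for k in range(n)]


def simulate_snapshots(theta_deg, n_snapshots=300, snr_db=15.0, n=N_ELEMENTS, seed=1):
    """Constructed capture: one unit-power emitter at theta_deg plus white Gaussian noise."""
    rng = random.Random(seed)
    a = steering_vector(theta_deg, n)
    sigma = math.sqrt(10 ** (-snr_db / 10) / 2)   # per-component noise std for the chosen SNR
    snaps = []
    for _ in range(n_snapshots):
        s = cmath.exp(2j * math.pi * rng.random())   # symbol with random phase
        snaps.append([a[k] * s + complex(rng.gauss(0, sigma), rng.gauss(0, sigma))
                      for k in range(n)])
    return snaps


def bartlett_spectrum(snaps, n=N_ELEMENTS, step_deg=1.0):
    """Steer a conventional beam across -90..90 degrees and record output power per angle."""
    spectrum = []
    theta = -90.0
    while theta <= 90.0 + 1e-9:
        a = steering_vector(theta, n)
        power = 0.0
        for x in snaps:
            y = sum(ak.conjugate() * xk for ak, xk in zip(a, x))   # beamformer output
            power += abs(y) ** 2
        spectrum.append((theta, power / len(snaps)))
        theta += step_deg
    return spectrum


def estimate_doa(snaps, n=N_ELEMENTS):
    """Angle of the strongest beam, relative to the array's broadside."""
    return max(bartlett_spectrum(snaps, n), key=lambda p: p[1])[0]


def absolute_bearing(heading_deg, relative_doa_deg):
    """Fuse a compass heading (degrees clockwise from north) with the relative DoA."""
    return (heading_deg + relative_doa_deg) % 360.0


if __name__ == "__main__":
    snaps = simulate_snapshots(30.0)
    rel = estimate_doa(snaps)
    print(f"relative DoA {rel:+.0f} deg, map bearing {absolute_bearing(350.0, rel):.0f} deg")
```

Two things this makes visible that the comments only hint at. First, the peak is broad with so few elements, so a single reading from a moving vehicle is noisy and repeated readings from different positions are what narrow the fix; that is why intermittent transmitters are hard and a repeater that never stops is easy. Second, the bearing is only ever relative to the array, so without a heading source you must infer orientation from motion, exactly the problem the GNSS-compass comment describes. A linear array also cannot tell front from back; real kits mount the antennas in geometries that resolve this.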
Now I wonder if you can fingerprint antennas…
Antennas would be much more difficult and likely moot.
Criminals sophisticated enough to do that are usually not going to get caught regardless, encryption or no and are generally savvy enough to not make themselves a serious threat to public comfort and order.
I don't think its a long reach to say that the public may be better off with more ability to monitor police activity at a cost of being weaker against that kind of criminal.
(Having said all that, our muni voted against encrypting radios; we lost 2-1 in a vote with the 2 other munis we share dispatch with).
Unless you're talking about criminals doing traffic analytic RF attacks, in which case, I agree, who cares?
Both of the systems are crap. When we were evaluating them for nationwide purchase we chose TETRA because of systemic safety features (like local DMO handover modes for public safety use in noisy environments), but when I read their crypto choices I made screwy faces constantly; I wasn't in the slightest bit surprised when this research came out.
I remember at the time some ex-signals military folks trying to tell me that the encryption barely matters, as the channel selection rate is so high you'd need multi-site intercepts to even make heads or tails of it; sadly they didn't really seem to understand how far SDR and compute have come. The whole experience to this day flavors a lot of how I think about military and telco thinking around the whole space; everything touching that boundary feels infected with oldthink.
I'd guess that's due to the expense of the equipment and all the regulations coupled with the lack of immediate usefulness to a casual hobbyist. Without the sort of vibrant wild west ecosystem that FOSS provides innovation happens much more slowly and most of the participants will be entrenched.
The audio quality on the analogue signal is a lot better than the P25 version, which is often harder to understand.
(And the fact that it’s taking so long to implement link layer authorization, barely a scratch in the security dent…)
Got what they asked for.
You do need authorization to buy a transmitter though, at least where I live.
Weird it's regulated, given you can use mobile phones like that (sure, you need coverage).
Yes, it is also illegal to post PHI over pagers, due to HIPAA addendum in 2016.
But 1986 ECPA law forbids decoding pager messages unless they were intended for you.
Haven't read a Wired article in months :-|
And thanks to poster for adding archive link.