Matt Blaze posted a lengthy summary at his blog of research by him and several others on encrypted communications systems used by law enforcement agencies, Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System [pdf]. The short version is that the widely used P25 system leaks information even when used properly and is vulnerable to a DOS-style attack that only requires the attacker to broadcast a small fraction of the power that the P25 uses.
And there are a number of design and implementation decisions that often lead it to not being used properly. For example, Blaze and his fellow researchers were able to record a substantial amount of audio that law enforcement thought it was broadcasting in encrypted mode, but was in fact being broadcast in the clear. Why?
What’s going on here? There appear to be two problems. First, there is only poor feedback to the user about whether encryption is actually enabled, and radios set to clear mode will happily interoperate with radios set to encrypted mode, making it unlikely that errors will be detected during an operation. Second, many P25 systems, including those used by the federal government, are “rekeyed” at frequent intervals, in the apparent (and basically erroneous) belief that changing encryption keys regularly improves security. The effect is that many users are often left without current key material, and must revert to clear mode in order to communicate.
Ah yes, the “change your password frequently regardless of context” cult strikes again.