No, this story is about TETRA radios, which are used in Europe; I'm in Chicago, on Motorola's STARCOM (P25), which is ostensibly AES (it wouldn't be shocking to find vulnerabilities; in fact shocking not to, but it won't be as crazy as TETRA, which freelanced its entire encryption stack).
I listened to your great podcast and the remark along the lines of "unencrypted police comms let the robbers know when the police are getting close" made me wonder if anyone has built a simple signal intensity detector for the encrypted radios. You don't need to hear the contents to know that the radios are closing in on you. I can't imagine police forces practice RF silence like special forces do.
It really would be better to hide in the noise of 5G.
> the remark along the lines of "unencrypted police comms let the robbers know when the police are getting close"
Criminals sophisticated enough to do that are usually not going to get caught regardless, encryption or no, and are generally savvy enough to not make themselves a serious threat to public comfort and order.
I don't think it's a long reach to say that the public may be better off with more ability to monitor police activity at a cost of being weaker against that kind of criminal.
I think that was truer 15 years ago, but every criminal now carries a police scanner with them (in the form of a phone), and the residents in my area who most avidly follow police scanners are not the most technical people in the area.
(Having said all that, our muni voted against encrypting radios; we lost 2-1 in a vote with the 2 other munis we share dispatch with).
Unless you're talking about criminals doing traffic analytic RF attacks, in which case, I agree, who cares?
For about $700, you can get some pre-made kit to use SDR to do radio direction finding. IIRC this device uses the same chips as an RTL-SDR, but it uses 4-5 of them, all synchronized, and has a signal emitter for calibration, and a nice web UI to report the data.
(I have not used it, but I've been learning about all sorts of neat radio products as I'm dabbling and learning about SDR.)
No current ability to track trunked radio units, though arguably that's 'just a software problem'.
I have one and have found it to be quite easy to hunt down ham repeaters that you can get to transmit more or less non-stop... but relatively hard to use for intermittent transmitters.
I need to see if I can figure out how to plug in my GNSS compass output, because inferring orientation from motion requires an awful lot of moving around and is less reliable than I'd like.
Also, the "kraken" may be $700, but there was kerberosdr/hydrasdr which was much cheaper. Furthermore, trunking is usually done within the bandwidth of a typical SDR, so it doesn't really obfuscate it as much as one would think. Also, I bought one; not to find repeaters, but to find trolls who were using repeaters. I'd monitor the input frequency to the repeater, apparently the same as Mitnick would.
There were trunking scanners in the late 90s / early 2000s, as well. My neighbor had one.
Some transmitters have such a distinct sound that you can identify them with just your unassisted human hearing. Back in my firefighting days, I remember that certain trucks or stations had transmitters where you could identify them from the half second or so of "hum" between the time somebody keyed up the mic and the time they started talking. Using ML / signal processing stuff on a computer, yeah, you can probably get pretty fine grained at discriminating these things.
"which is ostensibly AES" in the 5% or less of deployments that turn that on
Both of the systems are crap. When we were evaluating them for nationwide purchase we chose TETRA because of systemic safety features (like local DMO handover modes for public safety use in noisy environments), but when I read their crypto choices I made screwy faces constantly; I wasn't in the slightest bit surprised when this research came out.
I remember at the time some ex signals military folks trying to tell me that the encryption barely matters, as the channel selection rate is so high you'd need multi-site intercepts to even make heads or tails of it. Sadly they didn't really seem to understand how far SDR and compute has come. The whole experience to this day flavors a lot of how I think about military and telco thinking around the whole space; everything touching that boundary feels infected with oldthink.
> everything touching that boundary feels infected with oldthink.
I'd guess that's due to the expense of the equipment and all the regulations, coupled with the lack of immediate usefulness to a casual hobbyist. Without the sort of vibrant wild west ecosystem that FOSS provides, innovation happens much more slowly and most of the participants will be entrenched.