Project 25 is an attempt by the government to have police, firemen, military units and any other public safety personnel dispatched during a crisis all on the same frequency to allow for easier communication. It’s digital, it’s advanced, it has encryption, the gear needed to listen to it costs a fortune, and a surefire way to screw it up completely can be found at your local mall for the cost of a decent meal, provided the people using it even bother to, oh, turn on the encryption in the first place.
The toy in question is the Mattel IM Me, which is basically a cheap pink pager they sell to preteens whose parents won’t buy them a cell phone. It turns out the phone, even when encrypted, relies on certain data sent over the airwaves, which the toy can disrupt with a pulse as short as 1/100th of a second. This wouldn’t be a problem if it used more than one frequency at a time — and guess what Project 25 doesn’t do?
It gets worse: The researchers at the University of Pennsylvania who found this flaw also discovered that, oh hey, most of the time, users weren’t even activating their encryption. And even if they were, the phones still sent out a unique identifier that also announced their location, which means that a hacker could do “traffic analysis” to, say, find the typical route of a police patrol. In other words, the system is almost totally busted from a security standpoint.
Don’t these people have nerds of their own? Like, couldn’t they ask the NSA, “Hey, what sucks about this design?” or something? Anything? Guys?