During the Reagan Administration, the ‘government waste’ meme was all about $600 toilet seats and $300 hammers. Those looking for a more contemporary example of how government procurement gets it wrong might point, instead, to Project 25 (P25), a decade old effort to provide first responders and federal officials with a reliable and secure emergency radio system.
As it turns out, the $3,000 dollar devices are neither reliable nor secure. According to a presentation this week’s USENIX Security Symposium in San Francisco, the P25 system is highly vulnerable to denial of service attacks and snooping.
In this video from the show, researchers Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze of the University of Pennsylvania demonstrated some of the more obvious flaws of the system, which has been adopted by federal officials as well as state and local governments. Among the more striking parts of the presentation was a P25 jamming device that the researchers created using the Girltech IMME, a (pink) texting device designed for young girls.
