back to article Cop an eyeful of that: Moto bungs 5-megapixel cam into plod radio

Motorola Solutions' MTP6750 is a police radio with a difference: it sports a five-megapixel camera that not only takes pictures but autographs them to stop bent or bungling coppers tampering with the evidence. The handset isn't just for the plod: it uses the TETRA telephony standard common to the police, security and emergency …

COMMENTS

This topic is closed for new posts.
  1. JaitcH
    Meh

    TETRA is not a Motorola Standard, nor particularly secure

    Contrary to what many believe, TETRA (formerly known as Trans-European Trunked Radio) is a Open Standard and is primarily hawked around the place by EADS / Cassidian and Motorola.

    It is proclaimed to be secure but at a recent symposium held in China I saw an interesting combination of a SDR (Software Defined Radio) coupled to a TETRA hacking computer which output intersting data, for those interested, DMO gateway functions, short data services (SDS), packet-switched data and circuit-switched data communication, etc. I was unable to understand the audio as I am not that fluent in Mandarin.

    One hundred and twenty plus countries have some TETRA systems. In VietNam there is a 3-base station system for Internal Security and the Peoples Police in the country's largest city, Ho Chi Minh, running over Motorola equipment but when I have monitored it is hardly active since the police prefer cell handsets! The Peoples Police (Cong An) spend most of their working hours 'patrolling' their offices seated sleeping in chairs which obviates the need for mobile communications.

    BeiJing, a hot spot for high-tech Plod communications uses a custom-built system with handhelds having swipes for ID cards and large display screens.

    Smartphones likely could provide similar services in most cases.

    1. Anonymous Coward
      Anonymous Coward

      Re: TETRA is not a Motorola Standard, nor particularly secure

      TETRA isn't all that similar to GSM when you get down to it.

      For one thing the coverage of the UK landmass is significantly better, for another it is self supporting in a crisis - just drop a radio (pretty much any TETRA radio) at the edge of a reception blackspot (I suggest the top a tube station or similar) and it can relay down into that station to improve the underground coverage - try that with a GSM handset...

      This is a good development for the various agencies which use the TETRA networks around the world, being able to digitally authenticate images (time, date and data) is going to be very valuable.

    2. Anonymous Coward
      Anonymous Coward

      Re: TETRA is not a Motorola Standard, nor particularly secure

      There are a number of encryption algorithms available but some are restricted to Shengen members (TEA2), with others available is available to all comers. Was the Chinese demo of the more secure encryption method or a commercial flavour?

      Standardized system and frequencies across Europe (except the French of course) has made it a successful technology, using 380-420 MHz also means the range is inherently much better than 2G, 2G or 4G systems and explains the terrible data throughput. Let's not get into the PRF biological issues ;-)

      1. Christian Berger

        Re: TETRA is not a Motorola Standard, nor particularly secure

        Most TETRA networks are unencrypted since setting up the keys is apparently not easy. So usually you can just use an SDR and sniff everything.

        As far as encryption goes. Those standards are proprietary standards. It's unlikely they are any good.

        Actually the main problem is key exchange. Maybe this could be solved by some sort of "bonking" wither via NFC or audio. So you connect 2 devices and they'll exchange their keys, and you can then exchange other keys with other devices, creating a web of trust.

  2. Anonymous Coward
    Anonymous Coward

    "The fingerprints are signed by the handset before being uploaded"

    I might be mis-reading it, but the implication of these words is that the fingerprints may not be signed until upload is initiated. If so, then isn't there some scope for doubt - ie tampering could take place before upload? Difficult to do, maybe, but any source of doubt could blow a hole in plans to use the photographs as evidence.

    1. Anonymous Coward
      Anonymous Coward

      Re: "The fingerprints are signed by the handset before being uploaded"

      To modify the photos before upload you'd need some sophisticated forensic kit for tampering with mobile phones, and it's not like plod has access to this.

      Hang on...

  3. John Smith 19 Gold badge
    Meh

    "Contrary to what many believe, TETRA (formerly known as Trans-European Trunked Radio) is a Open Standard and is primarily hawked around the place by EADS / Cassidian and Motorola."

    Depends what they've been reading and where they've been reading it. TETRA has always been an open standard.

    "Smartphones likely could provide similar services in most cases."

    No.

    Try setting up closed user groups,

    P2P means this can work underground without assistance.

    Frequency band means better penetration.

    It looks like a clunky somewhat retro phone. It is not.

    1. Dan 55 Silver badge
      Headmaster

      GSM has closed user groups too.

    2. Christian Berger

      Well it is a "reimagination" of GSM. It's not very advanced technology wise. It's not meant to be. It's essentially combining the mindsets of GSM and trunk radio.

      Maybe they should have looked at WLAN and made a sort of UHF narrow band WLAN running in AdHoc mode. If you add some sort of mesh routing protocol like B.A.T.M.A.N. you might be better off.

  4. Anonymous Coward
    Anonymous Coward

    Secure enough

    I frequent a radio enthusiasts forum and can assure you that they would LOVE to be able to eavesdrop, but the usual advice is to not even waste your time dreaming about it. The processing power needed to crack it wouldn't be worth it. There isn't even a program I'm aware of, to decode unencrypted parts of the datastream, to show base station ID numbers. TETRA just doesn't seem to have any following at all amongst the 'discriminator tap' data crowd.

    There are many very knowledgeable people out there working on trying to get something out of some of the new digital two-way radio systems, and even receiving the relatively open 'DMR' (public 2 way radio) is still at an early stage.

    There are people who claim to have ways to receive all sorts of things, but they generally get laughed off the forums as nuts or trolls.

    Rest assure your mobile phone, domestic DECT phone, emergency services TETRA networks, are all safe (for the time being) from Joe Public with his simple scanner!

    1. Anonymous Coward
      Anonymous Coward

      Re: Secure enough

      well DECT isn't secure for a start, I set up a GnuRadio USRP with a bit of wet string antenna to see if I could listen in on the DECT terminal on the bench next to it - got around 30 DECT base-stations identified from god-knows-where. Was easy to do naughty things. Internet reveals that there's a £20 attack! Karsten et al showed that the DECT PRNG is effectively 22 bits and the PIN number discovery takes around a minute.

      Mobile phone (2G GSM) is completely busted, Karsten again - OpenBTS, Asterix - a fake GSM phone mast (BTS) is trusted by all handsets. Illegally Jam 3G and the current handsets drop down to GSM. Jam 4G/LTE and....That's RF & old protocol vulnerabilities, what about the website jailbreakme [dot] com for the iPhone, just visit this website and your iOS device is cracked - there must be malware websites that are cracking/exploiting iOS and the easier Android devices left, right & centre..

      Admittedly the USRP is not a 'simple' scanner, my AOR box cost $500 in 1998, and the USRP is available on eBay today for around the same price.... and doesn't just RX

      er...I won't comment on TETRA

    2. Christian Berger

      Re: Secure enough

      Well the "simple scanner" has evolved into a little USB SDR for less than scanners cost. And the Osmocom people are working on that. The low bandwidth and the absence of hopping make it an ideal target for SDRs. You can probably even just modify a radio to have a higher bandwidth and use SSB and a soundcard.

      Just because it's a bit secure and your 10+++ year old receiver would have to be modified for it doesn't mean it can't be decoded easily with the proper equipment.

      You are probably even the guy who claimed that doing operator side attacks to mobile phones are infeasible since base stations cost to much. Those problems are over by now. If there's a standard that's open and popular you will, after a relatively short time, find decent equipment to work with it.

  5. Anonymous Coward
    Anonymous Coward

    Meh - most of us have bodycameras now anyway which clip onto the front of our jacket or body armour. In terms of evidence, you just flip the camera on, film what you need and that's it, job done.

    To be honest though, you're better off filming over still images, as you can film whilst giving a verbal breakdown of what you're looking at, when and where, and that's effectively tying up the evidence.

    Still images are a bit old hat these days and as has been said, can be vulnerable to skullduggery.

    1. Martin 47

      Except you have forgotten that most judges are that old that still photography is new fangled tech to them

    2. DragonLord

      I think the point of this is not the still image rather it's the cryptographic signature attached to the image that matters.

      If the signed image is accepted in court as valid evidence, then that would open the doors to allowing the still images to "vouch" for recorded images, and build up a chain of trust. There's also the point that still images take up less space than recorded images.

  6. Dave 126 Silver badge

    It does seem a strange choice not to have a front facing camera, so the officer can snap a picture as soon as they turn up on the scene- perhaps as a crime is happening.

    As for video, those are good point- but you've got storage issues, and the editing down to the pertinent footage is complicated by the need to keep an audit trail.

    1. Bill Ray (Written by Reg staff)

      Oddly enough I asked the same question, but (according to Motorola) a front-facing camera wouldn't be pointing the right way when clipped to the lapel (moving the radio was not an option, given operational use) and as its intended to record evidence being able to see the screen while taking a snap was considered more important.

      I'm sure there would be technical reasons too, but that's the justification I was given.

      Bill.

      1. Lockwood

        I've tried lapel mounted cameras when cycling - great shots of the ground.

        And when I have a radio mounted on radio loops, it swings all over the place (Yes, TETRA clips have less swing on them than fabric loops).

        Hand aiming the camera allows for the exact shot to be taken, I suppose.

  7. Yet Another Anonymous coward Silver badge

    Streaming data

    2kb/s seems a bit poor.

    If we had some sort of hardwired link (say a closed circuit) it would be possible to transmit much more data - potentially even live images (or television as I believe it's called)

    It would even be possible to fix these units place you wouldn't have to have a policeman present.

    I forsee a total end to crime if these CCTV idea was implemented.

This topic is closed for new posts.

Other stories you might like