logo
logo

Researcher jailed for finding security flaws in police communications

avatar
Jackie Brown
img

A cybersecurity researcher in Slovenia has received a suspended jail sentence for helping to uncover security vulnerabilities exposing sensitive military and police radio communications

A cybersecurity researcher in Slovenia has received a suspended jail sentence of 15 months for publicly disclosing security flaws in a police-encrypted communications protocol after Slovenian police took no action to fix the problems.

Dejan Ornig, 26, was a student at the University of Maribor's Faculty of Criminal Justice and Security in 2012 when he and 25 other students were asked to analyse network vulnerabilities in Terrestrial Trunked Radio Tetra , which is an ETSI standard for mobile radios and two-way transceivers specifically designed to secure sensitive communications for public safety networks, emergency services and the military.

While working on the project, Ornig discovered that the Slovenian authorities had incorrectly configured the Tetra protocol, meaning that unencrypted sensitive military and police data was being sent over the internet about 70% of the time that was available for anyone to intercept.

The newspaper also tried to contact the Slovenian Ministry of Defence in the same month, but its public relations department did not respond when given evidence that military communications were not being protected.

They also decided to raid Ornig's home in April, seizing his computer and a €20 device that Ornig had used to passively intercept Tetra traffic data as it passed between the mobile radios and the Tetra base stations.

And now Podcrto.si says that as a reward for Ornig's help in pointing out serious security vulnerabilities, instead of being thanked, he has now been handed a-15 month suspended jail sentence.

collect
0
avatar
Jackie Brown
guide
Zupyak is a free content platform for publishing and discovering stories, software and startups.