“Security flaw found in feds’ digital radios”

This, my friends, is what happens when you try to design something securely without talking to security experts.

I’m surprised that the manufacturer of the radios involved hasn’t sued the security researchers to keep them silent, in the belief that if the researchers don’t tell anybody about the problems, they effectively don’t exist (known derisively as “security by obscurity” in security circles). It has happened at least four times in the last few years, and those are just the ones that I heard of.

Thing is, “security by obscurity” doesn’t work: less ethical researchers can find out the same things, and sell the information directly to interested groups for huge sums. There are already a number of computer vulnerability researchers selling the fruits of their labor to the NSA and other legitimate governmental security organizations, and they’re taking in tens of thousands of dollars for useful ones. Presumably less-legitimate groups with an interest — like computer criminals — bid even higher for them.

EDIT: More (and somewhat more technical) information here.