The researchers, who won an award for their paper at a national conference, are working with law enforcement agencies to alleviate problems through software tweaks and training. But they said they also identified other security flaws with the radios that may be harder to fix.
With a bit of technical know-how, they were able to jam radio transmissions using a modified toy - an instant-messaging device designed for preteens. In addition, by using a radio to send out unobtrusive "pings," they were able to track the location of all radios tuned to a given frequency, as well as the federal agency the users worked for.
"It's like Harry Potter's Marauder's Map," said lead author Sandy Clark, referring to the magical parchment that reveals the location of anyone at Hogwarts School.
The main problem - the unintended transmission of secret details in the open - appeared to be the result of using the radios incorrectly, according to the researchers, who presented their findings at the USENIX Security Symposium in San Francisco. But the study authors stressed that the true blame belonged with the needlessly complex design of the radio system, not with the federal agents.
"These people are really good at their jobs," Clark said. "They're professionals. It's not the fault of the user."
Spokesmen for both the FBI and the Department of Homeland Security declined to comment.
Federal agencies have been very receptive in learning about the shortcomings and in working together to address them, said the researchers, who were funded partly by the National Science Foundation.
To those who would carp that such research gives ideas to terrorists and other criminals, the authors say it's dangerous to assume that bad guys haven't already spotted the flaws, too.
