To what extend are your really in control of your radios?
Can someone else control them, perhaps shutting them down or limiting what you can do with them?
In our IoT (Internet of Things) world things are open to purposeful and inadvertent control.
A 2022 Military Action event:
“As Russian troops invaded Ukraine, alleged Russian military hackers targeted the Via-Sat satellite system, deploying wiper malware that bricked people’s routers and knocked them offline. Around 30,000 internet connections in Europe were disrupted, including more than 5,000 wind turbines.” – Wired, 18 AUG 2022
A boo-boo car issue:
“They drove a 2014 to 2017 model Mazda, and they had tuned into KUOW, 94.9 on the FM dial, the NPR station.
That’s all it took.
Somehow the signal the station sent to the modern HD Radio that’s part of the Mazda infotainment center had, as Welding puts it, “fried” a major component.
That frying made the radios only play KUOW. No chance of catching a little classic rock or some Dori soliloquies. KUOW. Forever.
Also gone from the infotainment center were such features as Bluetooth, navigation, the clock and vehicle stats — “Many of the features I paid for when I bought it new,” Welding says.” – Seattle Times, 11 FEB 2022
A personal one:
The XYL’s EV needed updating, done over the air. Update went well until two weeks later when about half of the “nice to have features” suddenly stopped working, putting the vehicle into a “basic mode” where it does drive and charge, but not much else. Dealer and Manufacturer have the “Top Men” working on it as I type.
A computer one:
…. we learned via Microsoft’s Raymond Chen that back in the olden days of Windows XP, it was discovered that a music video of a song
called Rhythm Nation by Janet Jackson was causing Windows PCs to crash.
This is because the song in question contained resonant frequencies for 5400RPM hard drives which even crashed PCs in vicinity while the song
was being played.
While OEMs eventually fixed the issue, security agency MITRE has now declared it as an official exploit. – Security Discussions online and Tom’s hardware
A radio one:
If Microsoft Azure servers have an issue, or the Auth0 security part gets jiggled my remote station is DOA.
- So what if your radio is set up to shutdown on receipt of a certain signal?
- Or could be controlled by something through its internet connection?
- What do we control and what is controllable by others?
- What if the services that are needed to run your station disappear?
- Is there any workaround when services are disrupted?
- What happens if the support goes away or is abandoned?
- Pretty fair questions that likely are not completely answerable.
- It doesn’t make sense to forego all modern-conveniences to avoid the exposures.
But you should have a “Plan-B” in mind.
One strategy is to keep a set of radio gear that is old enough and simple enough to sidestep the exposure.
So does this mean Flex Radios are susceptible? Is Flex addressing this? Are any of the remote control HAM rig/controller makers addressing this?
Is Cellphone ‘convenience’ trumping our ignorance of security vulnerabilities within? Cellphone/Tablet APPS are the wild-west as to security – NEVER to be trusted!
Wonder how many Cellphone APPs/PC-programs/OS’s have dormant back-doors waiting to be keyed by outside rouges/alphabets. Think the 1995 movie ‘The Net’ not too far fetched even for Hollyweird.
Bigger issue is how do we do any extra Super-VPN to our ISP Cable Modem home/business input – since the embedded Cable-box VPN are well known/exploited to hackers & alphabets?
Good Questions Dale!
FlexRadio has taken certain measures for certain. My NDA as a FlexRadio Alpha Team member covers this area, and common sense it that any manufacturer would be unwise to layout specific mitigation and threat response issues in a public arena. So like they say in the movies “top men are on it.”
I have no insight or special knowledge of the various remote ham projects.
On your Cellphone/Apps/Programs/OS and I would expect IoT would be part of your list, concerns, perhaps we should never consider “Trust” to be Binary? Doubtful there is no absolutely trustworthy device, nor if the least trustworthy is always unusable.
Suggest reading https://www.schneier.com/ to get your full paranoia up.
[…] Is your radio vulnerable to outside control? In our IoT (Internet of Things) world things are open to purposeful and inadvertent control. With Varying Frequency […]
The KUOW Mazda issue was caused by the station uploading an image file used to display artist/song/station graphics without a file extension. The radio attempted to display this image and locked itself up. A reset by way of a firmware flash on the bench or hard reset by a service tech was all that was required to bring it back to normal. Xperi patched this issue moving forward.