2. Amateur radio operators are unable to utilize encryption.
This is almost entirely the fault of the old ham generation.
This generation is not interested in encryption or innovation.
Proposals for encryption were shut down by hams, not the FCC.
The State of Radio Data
Clear text
Location data
Hospital data
Personal data
Phone numbers
etc
3. We simply are not authorized to encrypt data on the
amateur radio bands.
There is little to nothing (without this) that can be
done to secure data ‘in the air’
However…
We can secure the data on our internet backlinks,
and we should.
4. Automated Packet Reporting System (APRS)
Transmits location data as well as messages, weather, etc.
The APRS-IS Network is a back-end to the RF APRS Network.
APRS.fi
Website allows tracking of ALL APRS network users in real-time.
Website allows viewing of RAW data.
Findu.com
Website allows you to message anyone using unverified callsigns.
Website allows snooping, i.e. viewing messages between operators.
APRSMail
Winlink to APRS gateway. More on Winlink later.
5. Winlink
The email to RF network bridge
Telnet backend
100% clear text
No Authentication or passwords
Very Exploitable
With a little scripting knowledge you can dump the emails of ALL
winlink users.
Send emails from anyone's callsign email address
6. I get it, we can’t encrypt over the radio right now.
What can we do?
Limit access to data over the internet
Encrypt the back-ends
Force password protection schemes
Provide documentation to allow developers to securely work with
these networks.
7. Fully encrypt the APRS-IS backend
Preventing users from blindly monitoring the network
Developers should have API keys where access is needed
APRS.fi
Hide ALL message data
Hide locations by default unless a user specifies public tracking
Findu.com
Shut this thing down, or:
Validate ALL callsigns
Require registration and require a password
Do NOT allow blind monitoring of messages (encrypted backend)
8. Force registration with a password
Validate the user with a callsign lookup
Encrypt your back-end
Shut down your Telnet links
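The registration, callsign-validation and password checks listed above, sketched as an added example (not code from Winlink, findu.com or any APRS service). The licence set, the callsign pattern and all function names are assumptions; a real gateway would query an actual licence database.

```python
import hashlib
import hmac
import os
import re

# Constructed stand-in for a licence-database lookup (assumption, not a real service).
LICENSED_CALLSIGNS = {"N0CALL", "K1ABC"}
# Simplified callsign shape: prefix, one digit, 1-4 letter suffix (assumption).
CALLSIGN_RE = re.compile(r"[A-Z0-9]{1,3}[0-9][A-Z]{1,4}")
_accounts = {}  # callsign -> (salt, password hash)


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def register(callsign, password):
    """Create an account only for a well-formed, licensed, unused callsign."""
    call = callsign.strip().upper()
    if not CALLSIGN_RE.fullmatch(call):
        return False
    if call not in LICENSED_CALLSIGNS or call in _accounts:
        return False
    if len(password) < 12:
        return False
    salt = os.urandom(16)
    _accounts[call] = (salt, _hash(password, salt))
    return True


def authenticate(callsign, password):
    """Check a password with a constant-time comparison of the derived hashes."""
    salt, stored = _accounts.get(callsign.strip().upper(), (b"\0" * 16, b""))
    candidate = _hash(password, salt)  # hash even for unknown callsigns
    return hmac.compare_digest(candidate, stored)


def accept_message(auth_callsign, password, from_callsign):
    """Accept a message only if the sender authenticated as the From callsign."""
    if not authenticate(auth_callsign, password):
        return False
    base = from_callsign.strip().upper().split("-")[0]  # drop SSID such as -9
    return base == auth_callsign.strip().upper()
```

The last check is what stops one registered user from sending under another operator's callsign; it only helps if the link carrying the password is encrypted rather than Telnet.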
9. Data within the APRS-IS networks can be gated to RF
A single attack could flood the APRS-IS network world-wide.
This flood could be spoofed to gate it to RF.
RF gated floods would lock up networks, air space, and cause FCC
violations.
Email to APRS networks could allow dumping of user details.
Data within the Winlink system can be obtained
A single attacker with enough time could copy all user emails.
An attacker could send email using any ham's callsign/address.
10. It doesn’t have to be.
You now know what’s wrong, let’s see if anyone tries to
fix it.
Before someone tries to attack these networks on a
global scale.