Amateur Radio Newsline article

Status
Not open for further replies.

ka5lqj

Member
Joined
Dec 13, 2003
Messages
427
Location
Near Lakeview, LA (Caddo Parish)
RADIO TECHNOLOGY: PROBLEMS WITH P25 SECURITY

While it’s not of much concern to hams who have adopted Project 25 digital audio, researchers looking at the security of this system have discovered that it's easily jammed, and almost as easily compromised. And all of this can be accomplished using a kid’s toy.

--

During a two-year study, researchers from the University of Pennsylvania not only found that encryption on a police P 25 network was routinely switched off, but also demonstrated how a 25 dollar toy called the "GirlTECH IM me" could be reprogrammed to jam transmissions and even exclude specific users or subnets. It also showed how a more-expensive option could track a specific user.

P 25 is the United States equivalent to the trans-European Trunked Radio or TETRA digital audio radio system. But unlike TETRA, which is deployed in a dedicated and fairly secure radio spectrum, P 25 had to be compatible with the existing analog systems, and is thus squeezed into a fixed 12.5 kilohertz split-channel spacing. However, that is not the only thing making it vulnerable. According to the report, P 25 uses fixed-length packets, optionally encrypted using a symmetric key, distributed to handsets manually or over the air.

They say that the first problem is the key distribution doesn't always work. As such the research team found users frequently get cut out and have to ask the rest of the group to switch off encryption for the duration of the operation. Individual users can also, inadvertently, switch off their own encryption without other users being alert enough to notice.

The researchers' 16-page report does have practical advice for users of the P 25 digital audio mode. It suggests reprogramming handsets to make switching off encryption less obvious, and reminding users when it has been switched off. But the team also concludes that fundamentally the P 25 system wasn't designed with a properly layered security model, and that this will always leave it more vulnerable than it should be.
 

Raccon

Member
Joined
Mar 1, 2005
Messages
408
The TETRA part is poorly researched (if at all):
1. TETRA isn't just trans-European, it is used worldwide (just as P25 isn't restricted to the USA).
2. TETRA also uses a fixed carrier spacing (25kHz), so if that makes it vulnerable then TETRA must also be included.
3. TETRA isn't deployed in any [single] dedicated spectrum, there are multiple ones in use. However many public safety organisations use the 380-400MHz band.

IMHO no particular band is more vulnerable against an intentional attack, as the attacker would just adapt to the particular band.
 

lep

Member
Premium Subscriber
Joined
Jan 15, 2002
Messages
948
TETRA has not been called "Trans European" for some years, the more correct name is "Terrestrial Trunking Radio System."
If you want to sell product in the world market, a system name with "European" is not smart marketing.
It was first approved by ETSI and then by the ITU-R (then known as WG8 now WG5). To the best of my recollection (I used to attend the meetings in Geneva at ITU Hqs) TETRA, EDACS and Project 25 were all approved at about the same time. ITU approval is more important in smaller nations than in the USA.

The quoted article is more techno hype than technical fact.
 

ka5lqj

Member
Joined
Dec 13, 2003
Messages
427
Location
Near Lakeview, LA (Caddo Parish)
"Thanks"

Thank you, Gentlemen?
There are some lady scanners out there too, LOL!

I don't understand how each of these systems works: Motorola, Open Sky, etc. I understand there is a proprietary code that each one uses with maybe a special IC chip.

I'm an old scanner freak from back in the '60s. When you had xtals or tunable: Radio $hack Patrolman (30-50, 150-174, 440-470 mcs), Montaradio, even the little single channel AMECO's, 'member those? $19.95 :lol:

Again, Thank You for each explanation. It makes it a whole lot easier to understand.

GOD BLESS,
73,

"Brother Don"/KA5LQJ
 