Serious Vulnerability In European Trunked Radio System

Trunked radio systems can be difficult to wrap one’s mind around, and that’s partially by design. They’re typically used by organizations like police, firefighters, and EMS to share a limited radio frequency band with a much larger number of users than would otherwise be able to operate. From a security standpoint, trunking also limits the effectiveness of scanner users who might not know the control methods the trunked systems are using. But a global standard for encrypted trunked radio systems, known as TETRA, has recently been found to have major security vulnerabilities, which could result in a lot more headaches than disrupted voice communications.

One of the vulnerabilities in this radio system was a known backdoor, which seems to have been protected largely via a “security through obscurity” method. Since the system has been around for about 25 years now, it was only a matter of time before this became public knowledge. The backdoor could allow non-authorized users to snoop on encrypted radio traffic. A second serious vulnerability, unrelated to this backdoor, would further allow listening to encrypted voice traffic. There are a few other minor vulnerabilities recently uncovered by the same security researchers who found these two major ones, and the current recommendation is for anyone using a TETRA system to take a look to see if they are impacted by any of these issues.

Part of the reason this issue is so concerning is that these systems aren’t just used for encrypted voice among first responders. They also are used for critical infrastructure like power grids, rail networks, and other systems controlled by SCADA. This article from Wired goes into much more detail about this vulnerability as well, and we all know that most of our infrastructure already needs significant help when it comes to vulnerabilities to all kinds of failure modes.

Thanks to [cfacer] and [ToniSoft] who sent these tips!

Photo via Wikimedia Commons.

Tivoli Teardown Disappoints

[Fran] has been curious about the innards of Tivoli Audio’s Model One radio, but was reluctant to shell out $200 just to tear it apart. But she found one recently on eBay, won the auction, and proceeded to do a review and teardown. Spoiler alert, she was disappointed.

Physically speaking, the radio looks great and has quite an array of I/O connections. The geared tuning knob looks cool, but is heavily damped, which [Fran] isn’t keen on. Turning it on, a few more quirks are discovered. The volume control is out-of-whack — it appears they substituted a linear taper potentiometer where a logarithmic taper was called for.

Another problem, at least in the RF-dense metropolitan areas like Philadelphia, is the FM tuner’s station-lock feature. It is so strong that it can be impossible to tune in weak stations. This is especially ironic since, according to Wikipedia, that was one of audio engineer Henry Kloss’s main goals when founding Tivoli Audio back in 2000:

Their first product was the Model One, a simple to use mid-century modern designed table top radio with a high-performance tuner, receiving FM radio in congested urban locations, while maintaining the ability to pick out distant or low power stations. Kloss had noted that the mid 60’s wave of Japanese radios lacked the ability to receive FM stations in congested locations, and this became a defining goal of his radio designs throughout his career.

Interestingly, many folks in the YouTube comments say their Model One radios have none of these issues. We wonder if [Fran] has obtained a damaged radio, or maybe a newer version produced with less attention to detail. If you have a broken Model One radio, before tossing it, consider the hack we wrote about last year, turning it into an internet radio.


A Vintage Transistor Radio Gets A Repair

Here in 2023 the field of electronics covers a breathtaking variety of devices and applications, but if we were to go back in time far enough we’d enter an age in which computers were few and far between, and any automated control systems would have been electromechanical at best. Back in the 1950s the semiconductor industry was in relative infancy, and at the consumer end electronics were largely synonymous with radio. [Shango066] brings us a transistor radio from that era, a Jewel TR1 from about 1958, that despite its four-transistor simplicity to our eyes would have been a rare and expensive device when new.

As you’d expect, a transistor radio heading toward its 70th birthday requires a little care to return to its former glory, and while this one is very quiet it does at least work after a fashion. The video below the break is a long one that you might wish to watch at double speed, but it takes us through the now-rare skill of fault-finding and aligning an AM radio receiver. First up are a set of very tired electrolytic capacitors whose replacement restores the volume, and then it’s clear from the lack of stations that the set has a problem at the RF end. We’re treated to the full process of aligning a superhet receiver through the relatively forgiving low-frequency medium of a medium-wave radio. Along the way, he damages one of the IF transformers and has to replace it with a modern equivalent, which we would have concealed under the can from the original.

The video may be long, but it’s worth a look for the vintage parts if not for the quality of radio stations on the air today in California. For many readers, AM broadcast is becoming a thing of the past, so we’re not sure we’ll see this very often.


Bringing A Baofeng Into The Cyberpunk 2077 Universe

You’ve got to love the aesthetics of dystopian cyberpunk video games, where all the technology looks like it’s cobbled together from cast-off bits of the old world’s remains. Kudos go to those who attempt to recreate these virtual props and bring them into the real world, but our highest praise goes to those who not only make a game-realistic version of a prop, but make it actually work.

Take the Nokota Manufacturing radio from Cyberpunk 2077, for instance. [Taylor] took one look at that and knew it would be the perfect vessel for a Baofeng UV-5R, the dual-band transceiver that amateur radio operators love to hate. The idea is to strip the PCB out of a Baofeng — no worries, the things cost like $25 — and install it in a game-accurate 3D printed case. But this is far from just a case mod, since [Taylor]’s goal is to replace the radio’s original controls with something closer to what’s in the game.

To that end, [Taylor] is spinning up an interface to the stock radio’s keypad using some 7400-series bilateral analog switches. Hooked to the keypad contacts and controlled by a Mini MEGA 2560 microcontroller, the interface is able to send macros that imitate the keypresses necessary to change frequencies and control the radio’s settings, plus display the results on the yellow OLED screen that seems a dead-ringer for the in-game display. The video below shows some early testing of the interface.

While very much still a work in progress, we’ve been following [Taylor]’s project for a week or so and he’s really gaining some ground. We’ve encouraged him to enter this one in the Cyberdeck Challenge we’ve got going on now; it might not have much “deck” going for it, but it sure does have a lot of “cyber.”


A Quick Look At The Hilbert Transform

While the Fourier transform gets all the attention, there are other transforms that engineers and mathematicians use to transform signals from one form to another. Sometimes you use a transform to make a signal more amenable to analysis. Other times, you do it because you want to manipulate it, and the transform is easier to change than the original signal. [Electroagenda] explains the Hilbert transform, which is often used to generate single-sideband signals.

The math behind the transformation is pretty hairy. However, if you understand the Fourier transform, the Hilbert transform amounts to multiplying the signal’s Fourier transform by -i sgn(ω), but that isn’t really going to help you much in a practical sense. If you don’t want to bog down in the math, skip immediately to section two of the post. That’s where it focuses more on the practical effect of the transform. You can think of the transform as a function that produces a 90 degree phase shift with a constant gain. For negative frequencies, the shift is +90 degrees, and for positive frequencies, it is -90 degrees.


Russian Weather Satellite Reuses Name, Yields Images

Which Russian weather satellite has the name Meteor 2? According to [saveitforparts], pretty much all of them. He showed how to grab images from an earlier satellite with the same name a while back. That satellite, though, met with some kind of disaster, so he’s posted a new video about reading data from the new Meteor 2 and you can watch it below.

The interesting part, we thought, was that the software he’s using, Raspberry-NOAA v2, doesn’t know about this incarnation of the bird, which has only been up for a few weeks. That means he had to find a satellite with similar orbital parameters. Eventually, the program will have the setup for this satellite.


Inexpensive Ham Radio Gets Upgrades Thanks To A Trojan

Love them or hate them, the crop of cheap hand-held amateur radio transceivers is here to stay. They’re generally horrible radios, often smearing spurious emissions across the spectrum, but they’re cheap enough to throw in a glove box for emergencies, and they invite experimentation — for instance, modifying the firmware to add functionality the OEM didn’t think to offer.

The new hotness in this class of radios is the Quansheng UV-K5, a two-band transceiver you can pick up for about $40, and we suspect it’ll get hotter still with this firmware trojan by [Piotr (SQ9P)]. We’ve already seen a firmware hack for these radios, one that aimed at unlocking the full frequency range of the RF chip at the heart of the radio. Honestly, we’re not huge fans of these mods, which potentially interfere with other allocations across multiple bands. But [Piotr]’s hacks seem a bit more innocuous, focusing mainly on modifying the radio’s display and adding useful features, such as a calibrated received signal strength bar graph and a numerical RSSI display. The really neat new feature, though, is the spectrum display, which shows activity across a 2-MHz slice of spectrum centered on the currently set frequency. And just because he could, [Piotr] put in a game of Pong.

[Piotr]’s description of the mod as a trojan seems apt since his new programs run in parallel to the OEM firmware by wrapping its vector table. We’d imagine other mods are possible, and we’re keen to see what people come up with for these hackable little units. Just make sure you’re staying within the law, especially in the United States — the FCC does not play games (third item).