Did TETRA Have A Backdoor Hidden In Encrypted Police And Military Radios?

Encrypted communications are considered vital for many organizations, from military users to law enforcement officers. Meanwhile, the ability to listen in on those communications is of great value to groups like intelligence agencies and criminal operators. Hence the constant arms race between those developing encryption and those eager to break it.

In a startling revelation, cybersecurity researchers have found a potentially intentional backdoor in encrypted radios using the TETRA (TErrestrial Trunked RAdio) standard. TETRA equipment is used worldwide by law enforcement agencies, military groups, and critical infrastructure providers, some of which may have been unintentionally airing sensitive conversations for decades.

Serious Vulnerability In European Trunked Radio System

Trunked radio systems can be difficult to wrap one’s mind around, and that’s partially by design. They’re typically used by organizations like police, firefighters, and EMS to share a limited radio frequency band among many more users than could otherwise operate on it. From a security standpoint, trunking also limits the effectiveness of casual scanner listeners who don’t know the control methods the system is using. But TETRA, a widely deployed European-origin standard for trunked radio with built-in encryption, has recently been found to have major security vulnerabilities, which could cause a lot more headache than disrupted voice communications.

One of the vulnerabilities amounts to a deliberate backdoor: one of the standard’s proprietary encryption algorithms, TEA1, reduces its nominal 80-bit key to an effective 32 bits before use, which puts the traffic within reach of a brute-force search on ordinary consumer hardware. The weakness was protected largely by “security through obscurity”, since the algorithms themselves were only distributed under NDA, and with the system around for about 25 years it was only a matter of time before this became public knowledge. A second serious vulnerability, unrelated to this backdoor and affecting the air-interface encryption regardless of which cipher is used, lets an attacker who can influence the network time that radios synchronize to recover keystream and so listen in on encrypted voice traffic. There are a few other, lesser vulnerabilities uncovered by the same security researchers who found these two major ones, and the current recommendation is for anyone operating a TETRA system to check with their vendor whether they are impacted by any of these issues.

Part of the reason this issue is so concerning is that these systems aren’t just used for encrypted voice among first responders. They also carry data for critical infrastructure like power grids, rail networks, and other SCADA-controlled systems, where an attacker who can read or inject traffic gets more than eavesdropping. This article from Wired goes into much more detail about the vulnerabilities, and we all know that most of our infrastructure already needs significant help when it comes to all kinds of failure modes.

Thanks to [cfacer] and [ToniSoft] who sent these tips!

Photo via Wikimedia Commons.

Bringing A Baofeng Into The Cyberpunk 2077 Universe

You’ve got to love the aesthetics of dystopian cyberpunk video games, where all the technology looks like it’s cobbled together from cast-off bits of the old world’s remains. Kudos go to those who attempt to recreate these virtual props and bring them into the real world, but our highest praise goes to those who not only make a game-realistic version of a prop, but make it actually work.

Take the Nokota Manufacturing radio from Cyberpunk 2077, for instance. [Taylor] took one look at that and knew it would be the perfect vessel for a Baofeng UV-5R, the dual-band transceiver that amateur radio operators love to hate. The idea is to strip the PCB out of a Baofeng — no worries, the things cost like $25 — and install it in a game-accurate 3D printed case. But this is far from just a case mod, since [Taylor]’s goal is to replace the radio’s original controls with something closer to what’s in the game.

To that end, [Taylor] is spinning up an interface to the stock radio’s keypad using some 7400-series bilateral analog switches. Wired across the keypad contacts and controlled by a Mini MEGA 2560 microcontroller, the interface can send macros that imitate the keypresses necessary to change frequencies and adjust the radio’s settings, then display the results on a yellow OLED screen that is a dead ringer for the in-game display. The video below shows some early testing of the interface.

While very much still a work in progress, we’ve been following [Taylor]’s project for a week or so and he’s really gaining some ground. We’ve encouraged him to enter this one in the Cyberdeck Challenge we’ve got going on now; it might not have much “deck” going for it, but it sure does have a lot of “cyber.”

Adding Smart Watch Features To Vintage Casio

[Matteo] has been a fan of the Casio F-91W wristwatch virtually since its release in 1989. And not without good reason, either. The watch boasts reliable timekeeping and extremely long battery life thanks to its quartz movement, and has just about every feature needed in a watch, such as an alarm and a timer. And, since the design has been in continuous production since the 80s, it’s also a device built to last. The only thing that’s really missing from it, at least as far as [Matteo] was concerned, was contactless payment.

Contactless payment cards use near-field communication (NFC): the reader’s 13.56 MHz field powers a small chip through a loop antenna whenever the card is within a few centimetres. All that’s really required to move the function into a new device is the chip and a suitably tuned antenna. [Matteo] scavenges the chip from a payment card, then winds a new antenna by hand so that it fits into the smaller watch face. Using a NanoVNA as an antenna analyzer he is able to match the resonance of the original card antenna in the smaller form factor and verify everything works before sealing it all up in a 3D-printed enclosure that sandwiches the watch.

There are a few reasons why using a contactless payment system with a watch like this, instead of relying on a smartwatch, might be preferable. For one, [Matteo] hopes to explore the idea that one of the watch’s physical buttons could cut the antenna connection, so the chip cannot be read at all unless he wants it to be, reducing the risk of skimming or other unauthorised reads. It’s also good not to have to buy the latest high-dollar gadget just for conveniences like this, and we’ve seen in the past that it’s not too hard to get these chips out of their cards in the first place.

ESPboy Turned Into Functional Walkie-Talkie

The ESPboy was first built as a hackable open-source game engine and handheld console for educational purposes. However, it’s also a platform that can readily support all kinds of other uses. You can even turn the humble handheld device into a working walkie-talkie.

The build adds a SA868 transceiver module to the ESPboy, along with a microphone, speaker, audio amplifier and antenna as supporting hardware. It then uses the ESPboy’s existing screen and buttons as the user interface for the radio. Assembled appropriately, it works as a very basic, barebones walkie-talkie for voice communication.

You won’t get CTCSS/DCS coded squelch or other useful features, but it’s enough to let you talk over the air with other handheld radio users. The SA868 module can transmit on a variety of frequency bands, but the video shows it operating in the UHF band around 433 MHz. With an output power on the order of 1.8 W, it should get you a few kilometers of range in an open field.

Check out our earlier coverage of the ESPboy and its many different configurations. Video after the break.

Networking With Balloons

Starlink has been making tremendous progress towards providing worldwide broadband Internet access, but there are a number of downsides to satellite-based Internet, such as the cluttering of low-Earth orbit, the high expense, and the moodiness of its CEO. There are some alternatives if standard Internet access isn’t available, and one of the more ambitious is providing connectivity by balloon. Project Loon is perhaps the most famous of these (although now defunct), but it’s also possible to skip the middleman and build your own high-altitude balloon capable of link speeds of 500 kbps.

[Stephen] has been working on this project for a few months, and while it doesn’t support a full Internet connection, the downlink from the high-altitude balloon is fast enough to send high-resolution images in near-real-time. This is thanks to a Raspberry Pi Zero on board the balloon paired with an STM32 board that handles the radio side via an RF4463 transceiver module. The STM32 acts as an intermediary or buffer so that frames go out on the radio reliably and at a steady rate, rather than having the Pi drive the radio directly. [Stephen] also wrote a large chunk of the software responsible for handling all of these interactions, optimized specifically for balloon flight.
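A balloon downlink is a one-way, lossy link: the ground station cannot ask for retransmission, so whatever goes over the air has to be self-describing enough that the receiver can verify each frame, reassemble what arrived, and say exactly what it lost instead of quietly producing a corrupted image. The following is an added example of that approach and is not [Stephen]’s code; the frame layout (sync bytes, stream id, sequence number, total chunk count, payload length, payload, CRC-16/CCITT) and the 200-byte chunk size are assumptions chosen for illustration.

```python
"""Framed, CRC-protected chunked downlink for a lossy one-way radio link.

Added example (not from the project described above). Frame layout is an
assumption made here for illustration:
  sync(2) | stream_id(1) | seq(2) | total(2) | plen(1) | payload | crc16(2)
"""
import struct

SYNC = b"\x7e\x55"
HEADER = struct.Struct(">2sBHHB")   # sync, stream id, seq, total, payload length
MAX_PAYLOAD = 200                   # bytes per frame; assumed to suit small radio packets


def crc16_ccitt(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF), bitwise for clarity."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_frames(stream_id: int, payload: bytes) -> list[bytes]:
    """Split one image (or any blob) into numbered frames, each with its own CRC."""
    chunks = [payload[i:i + MAX_PAYLOAD] for i in range(0, len(payload), MAX_PAYLOAD)] or [b""]
    total = len(chunks)
    frames = []
    for seq, chunk in enumerate(chunks):
        body = HEADER.pack(SYNC, stream_id, seq, total, len(chunk)) + chunk
        frames.append(body + struct.pack(">H", crc16_ccitt(body)))
    return frames


def parse_frame(frame: bytes):
    """Return (stream_id, seq, total, chunk) or None if the frame is damaged."""
    if len(frame) < HEADER.size + 2:
        return None
    body, (crc,) = frame[:-2], struct.unpack(">H", frame[-2:])
    if crc16_ccitt(body) != crc:            # bit errors on the air: reject, never guess
        return None
    sync, stream_id, seq, total, plen = HEADER.unpack_from(body)
    if sync != SYNC or len(body) != HEADER.size + plen or seq >= total:
        return None
    return stream_id, seq, total, body[HEADER.size:]


class Reassembler:
    """Ground-side store: collects chunks per stream and reports what is missing."""

    def __init__(self):
        self.streams: dict[int, tuple[int, dict[int, bytes]]] = {}

    def feed(self, frame: bytes) -> bool:
        parsed = parse_frame(frame)
        if parsed is None:
            return False
        stream_id, seq, total, chunk = parsed
        known_total, chunks = self.streams.setdefault(stream_id, (total, {}))
        if known_total != total:            # inconsistent header: ignore the frame
            return False
        chunks[seq] = chunk
        return True

    def missing(self, stream_id: int):
        if stream_id not in self.streams:
            return None
        total, chunks = self.streams[stream_id]
        return [seq for seq in range(total) if seq not in chunks]

    def assemble(self, stream_id: int):
        """Full payload once every chunk has arrived intact, else None."""
        if self.missing(stream_id):
            return None
        if stream_id not in self.streams:
            return None
        total, chunks = self.streams[stream_id]
        return b"".join(chunks[seq] for seq in range(total))


def simulate_link(payload: bytes, stream_id: int, drop: set[int], corrupt: set[int]):
    """Send payload over a simulated link that drops and bit-flips chosen frames."""
    rx = Reassembler()
    for seq, frame in enumerate(build_frames(stream_id, payload)):
        if seq in drop:
            continue
        if seq in corrupt:
            damaged = bytearray(frame)
            damaged[HEADER.size + 2] ^= 0x01    # flip one payload bit
            frame = bytes(damaged)
        rx.feed(frame)
    return rx.missing(stream_id), rx.assemble(stream_id)


if __name__ == "__main__":
    image = bytes(range(256)) * 3             # constructed 768-byte stand-in for an image
    print(simulate_link(image, 7, drop={2}, corrupt={1})[0])   # which chunks to re-request later
```

The point of the design is that corruption and loss look the same to the receiver (a missing sequence number), so the ground station can render a partial image and keep a precise list of chunks to re-send on a later pass, which is what an uplink-less link needs.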

The blog post for this project was written a few weeks ago, and the first launch date it announced has already passed, so we eagerly await the results and the images he was able to gather using this system. Eventually [Stephen] hopes the downlink will be fast enough for video as well. Balloons are an underappreciated tool, and this isn’t the only way they can be used to help send radio signals from place to place.

Easy Modifications For Inexpensive Radios

Over the past decade or so, amateur radio operators have benefited from an influx of inexpensive radios built around a much simpler design than what was typically available commercially, bringing the price of handheld dual-band or GMRS radios down to around $20. This makes the hobby much more accessible, but the radios have generated some controversy, as they tend not to perform as well and can produce spurious emissions and other RF interference that a higher-quality radio would not. One major benefit besides cost, though, is that they’re great for tinkering, as their simplified design is excellent for modifying. This experimental firmware upgrade changes a lot about one Quansheng model.

With the obligatory warning out of the way that modifying a radio may violate the laws or regulations of your locality, this modified firmware really does expand the capabilities of the radio. The radio is built around the BK4819 transceiver chip, which covers 18-660 MHz and 840-1300 MHz, but the stock firmware locks out much of that range in order to comply with various regulations. The lock-out is purely a software policy: there’s typically no technical reason the hardware can’t operate on any arbitrary frequency within the chip’s range, so replacing the firmware adds a lot of functionality the radio is not otherwise allowed to offer. The flip side is that nothing then stops the radio transmitting where it shouldn’t, so the responsibility for staying in band moves entirely to the operator.

Other capabilities this modified firmware opens up include the ability to receive in additional modes, such as AM as well as FM, within the range of allowed frequencies. For a deeper dive into what this firmware allows, be sure to check out the original GitHub project page as well, and if you’re curious as to why these inexpensive radios often run afoul of radio purists and regulators alike, take a look at some of the problems others have had in Europe.