Internet Security

  • Question
  • Updated 2 months ago
How secure is the software in the Flex radios and the Maestro from internet hacking? Other IoT devices are now under attack to gain improper access to networked computers and the data on them. Are the continuing security patches being diligently applied to the underlying OS's (Linux for the Flex, Windows for the Maestro), or are they only applied when a new version of SmartSDR is released?

Mark Erbaugh


Posted 2 months ago


Bill -VA3WTB

Mark, security is not really an issue.
This is Tim's comment today on another post.

Let me remind you that the software that runs your radio is NOT Windows that runs on your PC. It is the firmware INSIDE the radio. All SmartSDR does is command and control of the radio, spectrum rendering, and some audio IO management to play audio from your PC speakers and input from a mic if so desired.

Ted VE3TRQ

One other comment to this: although the Windows in the Maestro and the "M" front panel is restricted by being pretty well an embedded O/S, it _is_ Windows, not Linux, and both of those are exposed by a network.

Ted VE3TRQ

Although the bad actors need to get to your device (the radio or Maestro) before they can compromise it, don't be fooled into being complacent. If a determined, knowledgeable hacker gets access to your radio, they can certainly control it - it really has no protection if you are on its network.

You do need to consider security around your devices - no operating system and its supporting tools are completely safe, just some are less desirable as a target. There are effective exploits for Windows, Mac and all variants of Unix. And there are even more exploits for common routers used as the gateway to your internal network and your radio equipment.

Don't be paranoid, but do be aware.

Ted VE3TRQ

AA0KM

If they have control of the radio, you have way more issues to worry about than a simple hardware radio.
Getting through router firewalls, etc., then to the radio, what do they gain?
Same with any hardware like outdoor cameras, gates, WX stuff, etc.
Your whole network is then compromised. You have major issues.

So when you come home late at night and all your automated Alexas, Siris, Echos, etc. have been hacked and all your house lights are on, you've got issues way more than any radio problems.

So yup, shields up.


Bill -VA3WTB

Based on what I posted from Tim, it is very unlikely to happen. The radio does not use Windows like in a PC.

Mark Erbaugh

Thanks for the comments. I like VE3TRQ's comment, but want to expand on it. If the hackers get control of your radio, the damage they can do with the radio is minimal. The prize for the hackers is that they now have access to a trusted computer inside your cybersecurity perimeter. From there they can look for other computers to attack and may be able to inflict some real damage.

Has Flex made the communications protocol available to the cybersecurity community for review?

Steve K9ZW, Elmer

@Mark

Both Tim and Steve from FRS have spoken around this question in the past.

The only take-away I came away with includes that they have used what they learned securing their proline gear in the amateur lineup, and that they are not going to discuss details with us.

I’m not even certain if they formally run a vulnerability-bounty program, but I’d guess they would be highly appreciative of actual reports.

It does look like a lot of the systems are robust, at least to the level of connected machine tools and consumer-level commercial banking. As usual, the highest risk appears to be at the human part of the equation, with lost, shared or compromised user credentials.

One thing we end users do know is that if FRS is tight-lipped about something, they just don’t want to discuss it, consider it proprietary, or the timing isn’t right to announce something. So even if they do not speak on this issue, it doesn’t mean they are ignorant of the risks; rather, they want to keep the protections provided out of sight and undocumented.

If you know of a particular risk, please share it with FRS.

73

Steve
K9ZW