SmartSDR network authorization?

  • 1
  • Question
  • Updated 1 week ago
As far as I can see there is no application authorization built into the flex radios and SmartSDR. Wouldn't that mean that anyone on the same local network can take over my radio?  

Scenarios I can think of: 

Malicious user picking up Wifi outside a contest station
computer virus that got control over my network.
hotel network, 
etc.


Ideally, it would be great if there was a way to add an IP white list or similar.  Or only allow SmartLink, even when local...   Am I paranoid?


73
Andy
KU7T
Photo of Andy - KU7T

Andy - KU7T

  • 106 Posts
  • 6 Reply Likes

Posted 2 weeks ago

  • 1
Photo of Robbie - KI4TTZ

Robbie - KI4TTZ

  • 479 Posts
  • 77 Reply Likes
Yeah I'd say that's being overly paranoid.  Just keep Windows patched and run some kind of antivirus software and you'll be fine.  I'm not aware of any ham radios being the target of hackers at this point.  It would be a lot of work for little gain on their part.
Photo of Robert Lonn

Robert Lonn

  • 199 Posts
  • 45 Reply Likes
What about the 6600M on Air Force One!!!
(Edited)
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2246 Posts
  • 871 Reply Likes
Yep, no authentication as far as I can see. I do keep guests off my internal LAN, though.
Photo of Steve K9ZW

Steve K9ZW, Elmer

  • 1248 Posts
  • 649 Reply Likes
Security is always an interesting issue.

As SmartLink requires access to the remote brokering server it brings its own issues to what is otherwise a local only issue. Of course SmartLink may not even work in many configurations.

The SmartLink security would be deployed and in play in the hotel scenario, and pretty much covers most remote scenarios.

Allowing unrestricted network access to a physical connected to that network radio would offer the unauthorized person great potential to manipulate your radio. It does make a lot of sense to maintain normal wireless security as well as normal physical security against rouge plug-ins.

FRS has been prudently reticent to deeply explain all the various levels of authentication in use or undeployed.

Security is the “calculations” that make exposures in like “calculated risks” protected from reasonable exposure while not made unavailable hidden behind odious protections.

Usually security evolves and perhaps an ability to lock down on a LAN will be deployed to augment wireless passwording and physical network connection protect on that LAN. But most likely not until a threat rests its head. Protection at a good, better, best level of LAN protection schemes may be useful.

For now keep your wireless passwords secure and perhaps avoid leaving outlets for your LAN exposed outside of your physically secure zone will do the trick.

73

Steve
K9ZW
Photo of Andy - KU7T

Andy - KU7T

  • 106 Posts
  • 6 Reply Likes
Good, so I am not that paranoid. It seems appropriate in today's world to have some protection against intruders. Eventually.

It probably would not be too hard to use the SmartLink infrastructure to do authn/authz  99% of radios and computers can hit the internet, so that should work. With some configurable way to allow noauth, so networks that are not in the internet can still opt in to allow it.


Thanks
 and 73
Andy
KU7T 
Photo of Steve K9ZW

Steve K9ZW, Elmer

  • 1248 Posts
  • 648 Reply Likes

Believe the present SmartLink implementation brokers a connection via the external internet, which may bring more overhead than the security it might bring.

Thinking that an hacker dedicated and clever enough to interfere is perhaps not so likely to be thwarted by SmartLink. 

Everything in security comes down to the cost-vs-benefit analysis on several axis, and in our case usability comes very high.  There are costs in latency, immediate accessibility, introduction of artifacts, as well as economic issues that may offset the perceived security increase. 

And in the end the human risk factor of password security could unravel all the security enhancements.

You CAN limit your particular installation to avoid local access by how you configure your networks & sub-networks - notice the plurals as you would like to isolate your radio in a way that physical & wireless unauthorized access is disallowed, and that access from your working network would require the SmartLink brokerage.

Basically make your station internet based and remote, despite any close proximity.

There is a lot more that could be done, but to what end? 

73

Steve K9ZW