Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

SmartSDR network authorization?

Andy - KU7T
Andy - KU7T Member ✭✭
edited November 2019 in FLEX-6000 Signature Series
As far as I can see there is no application authorization built into the flex radios and SmartSDR. Wouldn't that mean that anyone on the same local network can take over my radio?  

Scenarios I can think of: 

Malicious user picking up Wifi outside a contest station
computer virus that got control over my network.
hotel network, 
etc.


Ideally, it would be great if there was a way to add an IP white list or similar.  Or only allow SmartLink, even when local...   Am I paranoid?


73
Andy
KU7T

Answers

  • rfoust
    rfoust Member ✭✭
    edited June 2018
    Yeah I'd say that's being overly paranoid.  Just keep Windows patched and run some kind of antivirus software and you'll be fine.  I'm not aware of any ham radios being the target of hackers at this point.  It would be a lot of work for little gain on their part.
  • Robert Lonn
    Robert Lonn Member ✭✭
    edited June 2018
    What about the 6600M on Air Force One!!!
  • Ria
    Ria Member ✭✭✭
    edited November 2019
    Yep, no authentication as far as I can see. I do keep guests off my internal LAN, though.
  • Steve K9ZW
    Steve K9ZW Member ✭✭✭
    edited June 2018
    Security is always an interesting issue. As SmartLink requires access to the remote brokering server it brings its own issues to what is otherwise a local only issue. Of course SmartLink may not even work in many configurations. The SmartLink security would be deployed and in play in the hotel scenario, and pretty much covers most remote scenarios. Allowing unrestricted network access to a physical connected to that network radio would offer the unauthorized person great potential to manipulate your radio. It does make a lot of sense to maintain normal wireless security as well as normal physical security against rouge plug-ins. FRS has been prudently reticent to deeply explain all the various levels of authentication in use or undeployed. Security is the “calculations” that make exposures in like “calculated risks” protected from reasonable exposure while not made unavailable hidden behind odious protections. Usually security evolves and perhaps an ability to lock down on a LAN will be deployed to augment wireless passwording and physical network connection protect on that LAN. But most likely not until a threat rests its head. Protection at a good, better, best level of LAN protection schemes may be useful. For now keep your wireless passwords secure and perhaps avoid leaving outlets for your LAN exposed outside of your physically secure zone will do the trick. 73 Steve K9ZW
  • Andy - KU7T
    Andy - KU7T Member ✭✭
    edited September 2018
    Good, so I am not that paranoid. It seems appropriate in today's world to have some protection against intruders. Eventually.

    It probably would not be too hard to use the SmartLink infrastructure to do authn/authz  99% of radios and computers can hit the internet, so that should work. With some configurable way to allow noauth, so networks that are not in the internet can still opt in to allow it.


    Thanks
     and 73
    Andy
    KU7T 
  • Steve K9ZW
    Steve K9ZW Member ✭✭✭
    edited June 2018

    Believe the present SmartLink implementation brokers a connection via the external internet, which may bring more overhead than the security it might bring.

    Thinking that an hacker dedicated and clever enough to interfere is perhaps not so likely to be thwarted by SmartLink. 

    Everything in security comes down to the cost-vs-benefit analysis on several axis, and in our case usability comes very high.  There are costs in latency, immediate accessibility, introduction of artifacts, as well as economic issues that may offset the perceived security increase. 

    And in the end the human risk factor of password security could unravel all the security enhancements.

    You CAN limit your particular installation to avoid local access by how you configure your networks & sub-networks - notice the plurals as you would like to isolate your radio in a way that physical & wireless unauthorized access is disallowed, and that access from your working network would require the SmartLink brokerage.

    Basically make your station internet based and remote, despite any close proximity.

    There is a lot more that could be done, but to what end? 

    73

    Steve K9ZW

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.