[liberationtech] more on sat phone (in)security

Jacob Appelbaum jacob at appelbaum.net
Fri Feb 24 11:58:58 PST 2012


On 02/24/2012 03:39 AM, Bernard Tyers wrote:
> Hi there,
> 
> Just a few points:
> 
> Martyn: while you are right on most cases about amateur radio, I
> agree with Jacob's main point (as I understand it, please correct me
> if I am incorrect) that there are other technologies that can be used. It
> does not have to be "the most complex". It can be argued, the more
> complex the system, the more unusable it becomes due to more
> requirements.
> 

That's exactly my point.

> Leaving the legal requirements for licensed amateur radio emissions
> to be in cleartext, the amateur radio spectrum is quite large. Again
> leaving aside the ITU regional differences, the spectrum ranges from
> LF (130 kHz approx) right up to EHF (250 GHz). It gives you a certain
> amount of area to hide in.
> 

Quite a large area, yes.

> Jamming amateur radio frequencies is as trivial with the right
> equipment (and money) as jamming GSM, UMTS, satellite transmissions.

Absolutely. This is a good book on the subject:
http://www.amazon.com/Fundamentals-Electronic-Warfare-Artech-Library/dp/1580530524

It's a bit pricey but it's full of pretty interesting information.

> 
> Concerning amateur operators not being appreciative of unlicensed;
> from experience amateur radio operators are very open to humanitarian
> missions using (and possibly misusing) their licensed spectrum. There
> are worldwide networks of ham operators who man 24/365 voluntary
> radio emergency networks (REN) for passing humanitarian messages
> to/from involved parties. There is an article on Wikipedia (light on
> technical facts unfortunately) which expands on the global nature of
> ham emcomm nets. [1]
> 

During the Egyptian crisis when the net was cut, we were listening to
some HAM bands, I think including these.

> The use of ham radio for clandestine uses has been documented for
> years, an example being during the invasion of Kuwait. [2], [3]


Certainly not a new idea, yes.

> 
> One approach (not amateur radio related), which I have not thought
> through from the point of view of technical feasibility, would be the
> approach used by numbers stations. They transmit their messages in
> seemingly random strings. It is true they use HF spectrum, use
> powerful transmitters and large antennae, but to my knowledge their
> messages have never been deciphered. Of course, it may be possible
> government agencies have, but it has not come to the media.
> 

I think this would be a really great idea for keying/renumbering, I've
got a huge selection of recordings from number stations. It's pretty
crazy stuff!

> Some also use distributed antenna arrays, relaying the signal over
> hundreds of kilometres, thus obscuring the source of the emission, and
> making jamming practically impossible (it is assumed). [4] Again this
> requires certain infrastructure to be in place.
> 

I'd imagine that this is something we could build as a community as well.

I've been working on building an RF broadcast system that is passive for
receive but also (surprise) uses Tor for sending. Sounds crazy, right?
:) Paper coming, sometime soon.

> If this approach was possible in a more portable nature, and the call
> finally being sent to the satellite after multiple relays, this may
> be an option.
> 
> The core of the issue here is that every RF emitting device is
> vulnerable to location discovery. The only secure approach to these
> technologies is not to use them. An approach could be to prepare the
> message in offline mode, go to a new location which gives you
> coverage. Go online with the device, send the message. Turn the
> device off, and leave immediately. And never go back to that location
> plus X km radius. Of course you end up running out of areas to
> transmit from, but again they are the constraints.
> 

You may also be able to tamper with the NMEA data stream from the GPS,
but you won't be able to do much about the RF emission issues. Newer
phones have NMEA/GPS chips inside other chips, so it's harder to do
a MITM on the data stream.

All the best,
Jacob
