[aprssig] Security for the aprs protocol and software

Ben Jackson bbj at innismir.net
Tue Aug 25 20:57:18 EDT 2009


William Gery wrote:

> What I mean by "compromised" is could the APRS data stream be used to
> infect the receiving systems or gain control?

If you're looking for a binary answer: Yes.

HOWEVER... It would be rather difficult to pull it off, as the client is
the one that initiates the connection and pulls data off the APRS IS.
The ingress path would require the attacker to compromise the server
that the client was connecting to, and then exploit some kind of bug in
the APRS parser or libraries.

I forget which client you're using, but you could pull off a simple code
review of the parser if you were planning to use XASTIR. UI-View is a
little more difficult.

Wearing my information security engineer hat, I'd have no problem
recommending this, as the risk posed to the network would be nominal.
There's a much greater risk with users browsing the web.

-- 
Ben Jackson - N1WBV - New Bedford, MA
bbj <at> innismir.net - http://www.innismir.net/
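
The kind of check a parser code review would look for, shown as an added example that is not part of the original message and not taken from XASTIR or UI-View: every field of a line received from the server is length-checked before it is copied into a fixed buffer. The `SRC>DEST,PATH:info` line layout, the names `aprs_parse_line` and `struct aprs_pkt`, and the size limits are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limits for this example; a real client defines its own. */
#define MAX_LINE 512   /* longest line accepted from the server */
#define MAX_CALL 9     /* callsign plus -SSID */
#define MAX_PATH 128   /* destination and digipeater path */
#define MAX_INFO 256   /* information field */

struct aprs_pkt {
    char src[MAX_CALL + 1];
    char path[MAX_PATH + 1];
    char info[MAX_INFO + 1];
};

/* Copy n bytes into dst only if they fit with a terminator; reject empty fields. */
static int copy_field(char *dst, size_t cap, const char *s, size_t n)
{
    if (n == 0 || n >= cap) return -1;
    memcpy(dst, s, n);
    dst[n] = '\0';
    return 0;
}

/* Parse one line from the server (hypothetical helper). The input is treated as
   untrusted and is not assumed to be NUL-terminated. Returns 0 or -1 (rejected). */
int aprs_parse_line(const char *line, size_t len, struct aprs_pkt *out)
{
    const char *gt, *colon;
    size_t i, hdr;

    if (!line || !out || len == 0 || len > MAX_LINE) return -1;
    while (len && (line[len - 1] == '\r' || line[len - 1] == '\n')) len--;
    if (len == 0 || line[0] == '#') return -1;      /* '#' lines are server comments */
    gt = memchr(line, '>', len);                    /* end of source callsign */
    if (!gt) return -1;
    hdr = (size_t)(gt - line);
    colon = memchr(gt, ':', len - hdr);             /* end of header */
    if (!colon) return -1;
    for (i = 0; i < hdr; i++)                       /* source: alphanumerics and '-' only */
        if (!isalnum((unsigned char)line[i]) && line[i] != '-') return -1;
    if (copy_field(out->src, sizeof out->src, line, hdr)) return -1;
    if (copy_field(out->path, sizeof out->path, gt + 1, (size_t)(colon - gt - 1))) return -1;
    if (copy_field(out->info, sizeof out->info, colon + 1, len - (size_t)(colon + 1 - line))) return -1;
    return 0;
}
```
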



