[aprssig] Secutiry for the aprs protocol and software

Tyler Allison tyler at allisonhouse.com
Tue Aug 25 23:17:51 EDT 2009


> William Gery wrote:
>
>> What I mean by "compromised" is  could the APRS data steam be used to
>> infect the receiving systems or gain control ?
>
> If you're looking for a binary answer: Yes.

I should point out that anyone who doesn't answer the question "can X be
'compromised'" with a binary answer of Yes is lying. And if the NOAA/NWS
security weenie is asking that question he/she needs to be slapped in the
back of the head.

I can compromise a completely isolated device and network like the radar
dish and data feed coming from it.  It's not likely it will happen, but
given enough time and money I can.  Does/should that fact stop the NWS
from using the radar dish? No. It's a stupid question in the first place.

The proper question is:
How difficult would it be to compromise a system via the APRS-IS data
stream? The answer: _VERY_ difficult, highly unlikely and completely
dependent on the software you are using to get the data. The exploit would
essentially have to be client specific and not APRS-IS dependent. You're
more likely to get compromised while reading your email than using the
APRS-IS data feed.

-Tyler






More information about the aprssig mailing list