Mototrbo Repeater Hijacking

randy52644
Posts: 12
Joined: Thu Nov 03, 2005 6:34 pm

Mototrbo Repeater Hijacking

Post by randy52644 »

We have an XPR8300 repeater that is being used by unknown users. The color code was changed once but this didn't last long.

Without any way to "monitor" what the intruder is saying, we can't even attempt to track them.

What are the rest of you doing to combat someone hijacking your repeater?

In the "good ole days" of analog, you could at least listen and eventually determine where the intruders were at or who they were.

Two steps forward for technology and one big jump backwards!

Randy
maelv
Posts: 42
Joined: Fri Jun 29, 2007 5:29 am
What radios do you own?: DP3601

Re: Mototrbo Repeater Hijacking

Post by maelv »

Hello Randy

The mototrbo system in the newer firmware versions has an opportunity to encrypt the traffic with a built-in scrambler using (I think 16 bit key) in the subscriber units.

I don't know if the repeater needs to have this key, but I think it needs to have this key to do routing of calls and text messages... and if the intruders do not have this key they are off the repeater, because it will take some more time to guess the 16 bit key vs the color code. This is just a suggestion. I don't know if it will work because I don't have the gear to test it out.

The 16 bit key is just scrambler level encryption, not secure encryption like P25 encryption.

Hope it helps

Maelv...
randy52644
Posts: 12
Joined: Thu Nov 03, 2005 6:34 pm

Re: Mototrbo Repeater Hijacking

Post by randy52644 »

I called Motorola and they confirmed the color code was the only thing needed to access a repeater. They also confirmed there isn't any way to "monitor" transmissions if you don't know the call ID of the user accessing your repeater.

At this time Motorola says there isn't any way to limit access to the 8300 but "they're working on it".

Does seem like they thought too far down the page on this one.
chartofmaryland
Batboard $upporter
Posts: 411
Joined: Sat Dec 28, 2002 11:25 pm
What radios do you own?: Alot

Re: Mototrbo Repeater Hijacking

Post by chartofmaryland »

This is the perfect reason TDMA should have been dropped with those 1 watt nexthell looking portables. There is no way to make sure your equipment is working properly unless you have a Service monitor with the ability to work with TDMA.



I still am not seeing the advantage to this product line yet, but it does not fail in the trouble & issues category.

CoM
If the lights are out when you leave the station and then come on the second you key up, you know you have enough power.
ki4gyw
Posts: 34
Joined: Sat Oct 20, 2007 12:37 pm

Re: Mototrbo Repeater Hijacking

Post by ki4gyw »

In-band signaling could be used to take care of the problem. Here is some info from gnu-radio:

The goal of in-band signaling in the USRP is to support precision timing, TDMA, packet processing, and other related items. The in-band signaling allows for metadata and control information to be sent on the same channel as the data. This information can be used to control the USRP on a per-packet basis, allowing low-latency transmission control which is needed for detailed Media Access Control (MAC) protocols.
mr.syntrx
Posts: 1587
Joined: Wed Apr 28, 2004 10:09 pm

Re: Mototrbo Repeater Hijacking

Post by mr.syntrx »

ki4gyw wrote: In-band signaling could be used to take care of the problem. Here is some info from gnu-radio: The goal of in-band signaling in the USRP is to support precision timing, TDMA, packet processing, and other related items. The in-band signaling allows for metadata and control information to be sent on the same channel as the data. This information can be used to control the USRP on a per-packet basis, allowing low-latency transmission control which is needed for detailed Media Access Control (MAC) protocols.
Umm... what does that have to do with securing a TRBO system?
ki4gyw
Posts: 34
Joined: Sat Oct 20, 2007 12:37 pm

Re: Mototrbo Repeater Hijacking

Post by ki4gyw »

Media Access Control (MAC) protocols, over TDMA would be a start or limiting limit access, just used it as an example of what may be done in the future.
wavetar
Administrator
Posts: 7340
Joined: Sun Sep 09, 2001 4:00 pm

Re: Mototrbo Repeater Hijacking

Post by wavetar »

Kenwood's NexEdge answer seems easy to implement...you can set their repeater to require the same encryption key as the field radios before it'll repeat the transmission. The next firmware version for TRBO will give 40-bit encryption, which would pretty well eliminate the hijacking problem if they went that route. No MAC or IP crap to mess around with then.
No trees were harmed in the posting of this message...however an extraordinarily large number of electrons were horribly inconvenienced.

Welcome to the /\/\achine.
escomm
Queue Moderator
Posts: 5170
Joined: Fri Mar 24, 2006 8:24 pm

Re: Mototrbo Repeater Hijacking

Post by escomm »

Won't the encryption negatively impact coverage and audio quality?
wavetar
Administrator
Posts: 7340
Joined: Sun Sep 09, 2001 4:00 pm

Re: Mototrbo Repeater Hijacking

Post by wavetar »

escomm wrote: Won't the encryption negatively impact coverage and audio quality?
Encryption has zero impact on coverage & audio quality in today's Astro & TRBO digital radios. The reason the old SecureNet encryption suffered from those deficiencies was because the antiquated analog-to-digital conversion could only sample at 12.5kbs, which made the resulting recovered audio sound like crap. The error correction was at first non-existent, then later was added (designated with 'XL') but was minimal, so the range was affected. Nowadays with the IMBE & AMBE vocoders the recovered voice is quantum leaps ahead of the SecureNet, and the large amount of error correction allows for range which in some cases is even better than analog. Adding the extra bits for encryption into an already digital datastream does nothing to affect range or audio.
No trees were harmed in the posting of this message...however an extraordinarily large number of electrons were horribly inconvenienced.

Welcome to the /\/\achine.
mr.syntrx
Posts: 1587
Joined: Wed Apr 28, 2004 10:09 pm

Re: Mototrbo Repeater Hijacking

Post by mr.syntrx »

ki4gyw wrote: Media Access Control (MAC) protocols, over TDMA would be a start or limiting limit access, just used it as an example of what may be done in the future.
MAC in that context refers to the part of a comms protocol that deals with collision detection/avoidance, channelization into timeslots etc, rather than being a feature to keep pirates out.