As an engineer and radio hobbyist, one of the things I do occasionally is advise folks who are looking for a roll-your-own communications solution. These are usually folks who won’t be going the commercial land-mobile route for one reason or another, so the toolkit is limited to Amateur Radio, GMRS, and the various un-licensed services.
The 900 MHz frequency-hopping radios like the Motorola DTRs and TriSquare TSX series appeal to some because they are a lot harder to interfere with or eavesdrop on than the typical FM handhelds popular in other services. The DTRs in particular hop frequencies quickly enough that you practically need state-level surveillance equipment to follow them, and then on top of that you have to be able to decode the digital voice. They’re about as secure as you can get without encryption, as long as you don’t use Public groups.
The DTRs come out of the box set up to use Public groups, which any other DTR will receive if it’s set to the same group and channel. I actually changed the default on my 550s to a different Public group and channel, and still found I was hearing other DTR users at a downtown public event. (Didn’t know they were that popular.)
The security issue here, if you’re concerned that someone with a little skill might want to mess with your comms for whatever reason, is that anyone who happens to receive your transmissions on a Public group will also see the ID of your radios. Knowing that ID and nothing else, a person with a DTR650 and the ability to program it can send Manager Mode commands to your radios, and there doesn’t appear to be any way to prevent it.
(Does anybody here know differently? OTAAll Allow: Off prevents wholesale cloning, but not the Manager Mode commands.)
The three Manager Mode commands are Remote Time, Remote Monitor, and Remote Disable. Of the three, Remote Time is not much of a threat. Remote Monitor will cause your DTR to open its mic and transmit, but it doesn’t do so quietly. You’d notice if it happened. Remote Disable, though, will shut your DTR down by the time you realize what’s happening. And once a DTR is Remote Disabled, it won’t do much of anything, including talk to the CPS software, until it’s Remote Enabled again by a Manager Mode-capable DTR. (So hopefully, you have one.)
I suppose it’s possible that re-flashing the DTR might re-enable it, but I don’t have a flash cable yet with which to try.
I expected to find, in the CPS software, a way of programming which radios in a system are authorized to send Manager Mode commands, so that all the radios in that system would only listen to those commands if they came from a radio on the “whitelist.” It doesn’t appear, however, that such is the case. (Please correct me if you know differently.)
The key to such an attack is the ability for an outsider to “sniff” your radio IDs by listening on Public groups, so the simple workaround is to use Private groups only.
Granted, most users are probably not concerned about this level of security. Just consider this an experience I had that I’m tossing out as my two-cent contribution to the DTR knowledge base on this forum.
Josh