Hez Hacked Israeli Radios

Defense Technology.org ^ | 9/19/06 | n/a

[LS]

"Looks like we use Navajo code talkers again."

Yah-ta hey!

[LS]

Now, 4C: Command, Control, Communications, and Computers

[LS]

I just report. You decide.

[WizWom]

Ok, I guess I need to spell this out.

For any given microsecond, the frequency choice is between two frequencies previously assigned via a One-time use ROM chip. If there is a signal on one, it's a '1'; if there is a signal on the other, it's a '0'. The ROM is programmed easily by an antennae tuned to your favorite random number generator, the universal background noise.

So, there is no "signal" to find. The power used is trivial, and looks like noise. Even a Direction-finding antennae needs to be tuned to a band; it can't just listen to everything. It would end up pointing at the nearest broadcast station.

It gets a bit tougher when they jam, since then the operator has to activate a higher power mode, which might be descernable in a rough way. But then their jammer also would be on the same band that they are trying to DF, with the result being finding the jammer.

Now, if you are quite through with mincing words and trying to sound like you know something, you can go crawl back under your rock.

However, this digital system is the newer one, I'm not at all sure the Israelis had it in field. But it's simple enough that It would take less than 50 man-years to develop from scratch.

[Southack]

"So, there is no "signal" to find. The power used is trivial, and looks like noise. Even a Direction-finding antennae needs to be tuned to a band; it can't just listen to everything."

That's incorrect. A spectrum analyzer does indeed "listen to everything."

With a directional antenna and a spectrum analyzer, a DF crew can sweep a given geographic area for electromagnetic emissions (e.g. radio waves). If your antenna is emitting electromagnetic radiation on *any* frequency when a directional antenna (hooked to a spectrum analyzer) is pointed your way, then your distance and signal strength can be judged/calculated.

If two such directional antennas see you emit electromagnetic radiation, then your precise position can further be calculated.

It does not matter if you are emitting a weak radio signal from your antenna. It does not matter if the radio signal you emit is on a specific frequency or zipping through multiple frequencies. It does not matter if you encrypt the data on your radio waves. It does not matter if you send data digitally or via analog encoding.

What does matter is that energy left your antenna when a directional receiver was pointed at you.

This does not mean that an enemy can discern the *contents* of the data that you are transmitting from your antenna.

However, it does mean that for the past century an enemy has been able to locate your position based upon you sending radio waves from your antenna.

Random, super-high-speed frequency hopping is no defense against modern DF'ing, either. A spectrum analyzer sees all.

[Southack]

Just FYI, here's a commercial spectrum analzyer that simultaneously hears *everything* from 0hz (DC) up to 8 GHZ: http://rfdesign.com/news/defense/analyzer_brings_advances/index.html

[WizWom]

I see you still did not get it.

A properly designed secure radio would be indistinguishable from noise, both in frequency pattern and in amplitude.

There really is NOTHING to analyze. Spectrum analysis needs to run a FFT against the noise to find an active frequency; that's how the "transient" detection they talk about is done. It needs to be able to find an anomaly - power, or a period of time of a frequency which is not noise like. If you start with two noise regions and choose randomly which noise region to pick from, it is impossible to tell it is not noise unless you have the one-time use code book.

But if a soldier did something stupid, like bring a cell phone that was on to the battle, then you could DF that. Cell phones use a very specific range of frequencies, and give off easily detectable pulses every minute, so that they can receive calls. And even though I know you won't ask, yes, I worked on those systems.

Military secure communications are way ahead of commercial - because commercial needs to be affordable, military needs to be the best.

[Southack]

Sigh.

If energy leaves your antenna, then your enemy can determine your position with DF'ing.

Low power; doesn't matter.

Background noise; doesn't matter.

Encryption; doesn't matter.

Super high-speed frequency hopping; doesn't matter.

To put this in perspective, the *commercial* spectrum analyzer that I showed you in the link above detects 0HZ dc emissions.

That's not even a radio wave; that's just voltage.

Sweep a directional antenna over a dc circuit, such as the wires that power the lights on a typical car, and that spectrum analzyer can tell you that your car is running 12 volt circuitry.

With the right antenna, you don't have to touch the car's electronic circuits...you can tell that the car has an energized 12 volt circuit from a distance, due simply to the bleed of a few electrons that naturally pass through even good insulation (e.g. insulated wires).

For a simple example of the above, look up "spark indicator tool" on Google or Dogpile.com.

Of course, when you **transmit** energy out of an antenna, you can be detected from much further away.

[Southack]

"Military secure communications are way ahead of commercial - because commercial needs to be affordable, military needs to be the best."

Military secure communications protect the **contents** of communications, but typically offer zero protection against DF'ing.