Видео

I'm very excited to hear that DMR audio can be good, it's just a radio problem! We use the XPR6550 and 7550 at work, and there's definitely that funky compression/distortion. My MD-UV380 sounds the most garbled, the XPR sound good enough the untrained ear doesn't notice. I'd be very excited to hear the DMR audio quality of the VP8000. Maybe they use a DSP algorithm to squeeze as much as possible out of the DMR vocoder. Also cool that Kenwood allows you to roll licensed features into new radios if you lose/break a radio with those licenses. However, it feels like being thrown a bone when you compare the cost of the armada programming software.

Anybody now how to disable the outside mike on the PPG smoke headset ? Why would they have the outside mike picking up all the noise from engine ? It defeats the purpose !

HiRose 6 pin. If you need a wiring diagram, let me know :)

Absolutely a problem and a threat. I’d argue that even though it’s a threat, and many higher level agencies should opt for radios without android embedded, the human vector is still the one often exploited. Be it laziness/complacency, blackmail, or bribery, the janitor, equipment manager, or your partner is also a threat that should be reviewed.

A six minute video to say there is a delay. I see why this could be a problem for YOUR kids. Thank God mine are smart enough to understand what a delay is and how to work around it without making a stupid six minute long video bitching about first world problems.

What antenna is that? The one that handles all-band, GPS, LTE etc?

Motorola take great pride in there software security encryption updates so it can't be hacked it's is designed for that particular Motorola public safety radio with high level encryption module in its circuitry too in ensure encrypted and secure communications for first responders the radio is programmed that way former Motorola affiliate service shop technician now work independent

everyone here has made good points about trade offs and attack surfaces... from my perspective, I still haven't really seen the benefits of this extra functionality for my group so until that happens it's easy for me to make the conservative choice and stay with traditional radio units, will be curious to see when/if that changes

It depends on if the Android device within has a microphone to listen, or a speaker to make into a microphone. If so it's possible to hack anything. Thing is, the path of least resistance is almost always taken. It is probably easier to take advantage of the situation, especially in an emergency high stress scenario to plant a device to listen in a squad car, on an officer, or to target the officer's own smart device. Why hack the radio when there are much easier ways to listen?

Someone breaking the encryption on our radios would be my last concern. If someone is doing that, chances are you'd already be dead.

How much

the problem is old android versions on poc radio`s, even my expensive Hytera has Android 12, not 14

From my understanding Motorola has safe guards in place to prevent hacking .

The bad people that the US Marshalls are after are not the types that can hack Android systems, not to mention remotely. You are thinking too much.

This all depends fairly heavily upon how the radio and the android side of things are actually interfaced. From the way the radio boots (ie fully functional as a radio well before android is usable) I'm inclined to say that they're architecturally distinct and its most likely that the radio-side of things probably wouldn't be compromised by a vulnerability in Android. Motorola employs some incredibly smart and forward-thinking engineers, and I do not believe this radio would be getting bought in the numbers it now is had they not addressed this proactively.

Possibly other governments could crack it not an Joe or even above average

I fully agree with waylonk2453's comment, but an idea popped into my head regarding the possibility of using the microphone exclusively through one 'service'. By 'service' I mean an application on the Android device (such as voice calls) or the radio itself. Unfortunately I don't have access to such Motorola radios (I only have the old GP680 and GP380, maybe in the future I'll be able to afford an APX5000 - my little dream 😊), but could you check by installing on the APX NEXT some application for voice calls (like Zoom, etc.) and connect with a second phone (simulating a conversation) and at the same time transmit from another radio on the same frequency as the APX NEXT is set and see if in this conversation through the application you will hear what you say from the other radio.

Huge vulnerability, Android is absolutely so vulnerable. I have little doubt this is how china will take us down during terrorist attack. They can now take down our public safety trunked system.

It's a double edge sword, since they can remotely receive software update, patches can quickly be deployed but it also leaves devices vulnerable to hacking from the very same remote connection.

Get a Navajo, speak in code, hide in plain sight…

Hey, I'm a regional SA on one of the four major (out of 53 unique or so) P25 systems in Texas. Each system consists of sub-systems (not in the RFSS definition) based the Council of Governments (CoGs), city/county, or formed executive organizations that govern/manage their subsystems. I've got roughly 2500 subscribers (only a dozen NEXT and two N50's) in the three counties that make up my sub-system, the neighboring county has roughly 80,000 subscribers with roughly 60% of those being NEXT or N70. Yes the N series runs a version of Android which is stripped down, de-googled, and can't actually make phone calls as shipped from Mother M (the eSIMs used by Motorola are data only and are typically LTE-M thus can't really support voice) plus the phone application has actually been removed from the device. You can't really side load applications on N series devices...we've been begging Motorola for over a year to either offer or allow us to sideload ATAK-CIV. On the SmartConnect functionality of the devices (even WiFi only 6000/8000s with SmartConnect) some systems have opted to host their own SmartConnect gateway access, others have chosen to only allow Motorola Solutions to have external access to the systems. We are of the latter so in the case of SmartConnect, we have a very generic gateway URL in Schaumburg, the CA cert (like it does with TAK) then IDs the system and Motorola's firewall services route to the system via VPN so again, the only true external connection is through Motorola. Then the radio goes through the same registration/affiliation process a LMR only subscriber would go through except LLA is built into SmartConnect in part due to the CA cert. There's a lot more security baked in there than you would find with your traditional COTS device. On another note, since Android is based on Linux it's probably worth noting that both BK and EFJ use ARM CPUs in their current series radios. EFJ has actually been using ARM since the 5x00 Ascend and ES series but I don't know if they are still utilizing WindRiver Linux like they were back then. Something that may be fun to try is performing a BIN walk on all firmware's from your favorite vendors.

If it's wireless, it can be hacked. If it's on the Internet, it can be hacked. If a network isn't decentralized like a mesh network, it's vulnerable to widespread disruption through an attack on the main trunk or server.

Any idea if there's NXDN support coming for these? I've seen rumors. Now that DMR is out I'm hoping NXDN is on the way.

What's your opinion on the tyt md UV 390 plus for a encrypted radio

Totally understand where you are coming from, but I'd argue that there have always been less secure links in these multi-site trunking systems. Once you start connecting sites together using non-RF means you're sending communications through other systems that can also be physically exploited if someone has the time and knowledge. It's rare that anything in these chains are doing anything other than sending encrypted data around (most if not all of the digital data can remain AES256 encrypted). There are some exceptions where this data needs to be decrypted and brought back to analog (RoIP gateways come to mind), but they're usually specific use cases and this is probably occurring in a relatively secure building/network/server room. Most portable and mobile subscribers outside of a dispatch centre are not setup to send inhibit stun/kill commands so just gaining unauthorized physical access to one of these for a time will provide limited malicious capability beyond just decrypting audio. Yes you could possibly sideload malicious malware to always listen to that radio, but I don't think it would open up much in the way of significantly impacting a trunking system. Motorola also has a good history of implementing hardware encryption. The MACE modules are a good example of this. Clearly Motorola is experienced with isolating sensitive hardware, so I would want to give them the benefit of the doubt that when engineering the NEXT platform, they effectively air-gapped the Android component of the device from the sensitive portions of the RF and encryption systems. I am no hardware engineer, but I would think that it would be entirely possible to only allow the Android component of the system to adjust user-interactable components of the RF system. Changing things like your menu, zones, channels, volume, etc without having any access to actually signal anything. My main worry with this is not with anything on the radio itself, but with the RadioCentral cloud OTAP design. If someone can gain access to this with malicious intent... There would be almost no limit to the damage they could do to a fleet of radios. Think, inhibit killing all of them which would make them paperweights until they could be loaded with new keys. If it has been built with the appropriate level of security that it should have for such a centralized mission-critical piece of infrastructure, we should be fine. Here's hoping.

I'll add my two cents: yeah, any connection you're going to add is going to increase the "attack surface" of a device. If your device now has WiFi, it can now be attacked over WiFi. However, most of those connections make the device more useful: it's a tradeoff. The perfectly secure radio has no receiver of any kind and, well.....that's not a useful radio. And it's just not the device, you have to be thinking about the network and your supply chain too. We put mitigating measures in place: endpoint security, vetted app stores, forced updates, etc. I would not allow any end-user to install Flappy Bird on their APX Next. Android has mitigating measures in place too: it's really hard to impossible to interact directly with other apps on the same device, except for the defined 'intents' systems (that's your universal share button), memory encryption, memory tagging, etc. etc. Now, "is it worth it?": it depends. Regular police work, probably fine. Deep undercover, probably not but you wouldn't bring an APX anyway. Counter-terror? Probably fine even. Key question: what is your threat model, or more specifically: who are you trying to keep out? Regular criminals? Organized crime? Or nation-state actors?

It is totally possible for someone to write an android app that could do nefarious things. It would require someone having access to the preprogrammed radio and knowledge of the Motorola system and android system but it is not impossible and some bad actors with deep pockets could make this happen. It’s easier for someone to steal a radio that’s unattended somewhere.

Yes

Interesting..

Well a similar argument applies to all the statewide trunked radio systems and how dependent those are on internet connectivity. A lot of the new APX radios can even access those systems using Wave over cellular when in a dead zone. That’s another aspect that exposes some vulnerability.

Ah, Rob Braxman refers to this vulnerability as "client-side scanning." The encryption of a message doesn't matter if it's intercepted by a bugged app after decryption of course. Better to keep radios and smartphones as discreet technologies.

Look at what China just did to all the major telecomms in the US and intercepted texts/phone calls.

Interesting. Things can be sideloaded on the NEXT such as ATAK maps, etc.

Look at what happened with tetra radios in Europe, shit can happen

Is this one of another fbi honeypot?

I wish I had the money even for a used xts..

Well since its a Fire Dept Radio mostly...if an emergency services county dispatch center doesnt have the programming or tech to support this new age tech, fire Depts. Will have paper weights for them too and those are very expensive paperweights, radios would be awesome to have though, my FD has certain areas in the district where it has dead zones for communication that goes with the terrain and the comms problems we have at the county...hell maybe even state level

Are you saying Zellow? The internet based comms?

Definitely hi rose connector. Used in kvl keyloader

Another great video the reason why I bought one.

Well, pretty much normal behavior to wait half a second on radios to talk. We were taught that in both WFF and S&R.

I wish i had the kind of money to drop on an APX 8000 lmao

Hirose. Pin count is important.

My man has the most expensive hobbies

This is a bit extremist.

My man could sell the radios on screen and buy a really nice used car lol. I bought an APX 6000. I could not afford the APX 8000 which is what I wanted because it's able to do VHF UHF and 800 MHZ. I had to settle for the APX 6000 single band but I can say that it works amazingly on 800 MHZ.

Can you actually own the BKR programming software or do you have to rent it like with Motorola?

There is a 3rd party company called SkyEye tactical that probably makes that BK connector your wanting and if they don’t have one they will make one for you

What are the odds you could do a video like this for an APX radio?

I found one of these in a closet that I "inherited" with my position. Working with the company now to get current cables for MOTO APX and the BKR 5k/9k. Couldn't find on the website but they do make them. Just took a phone call. They are super nice and helpful folks. Looking forward to getting this deployable!