• If posting about a radio issue: Include the HOST, DSP and UCM/secure firmware versions, flashcode and CPS version you're using along with the operating system info. This is critical information.

Authenticated Radio Disable - closes security vulnerability from 2014

Status

motoapx

Contributing Member
Joined
Jul 17, 2012
Messages
59
Haven't seen this mentioned much on the forums outside of the bit where Motorola accidentally bricked radios with the feature release... but I thought it deserved to have some additional attention drawn to it given a previous thread about TRBO subscriber security. The link below describes the feature in EMEA R2.6, but I believe this was pushed with R2.5.x in NA firmware (R2.6 for "e" series radios, apparently).

http://cwh050.blogspot.com/2016/05/new-in-r26-authenticated-radio-disable.html

It looks like Motorola has gotten around to "fixing" the radio inhibit security vulnerability that Mars and company had reported back to the company back in 2014, by way of the Authenticated Radio Disable feature. It seems that with ARD, when an inhibit command is sent to a subscriber, either knowledge of the device's EP / AES key, or a user passphrase is required to assert the inhibit function, which would keep unauthorized parties from disabling the radio as Mars originally reported.

Of course, "fixed" is in quotes here, because it looks like the ARD option may be a paid EID. Anyone know if ARD comes for free with the new firmware, or is this a paid option?
 
D

DJ0WH

Not Registered
This is a paid feature (EID).


Sent from my iPad using Tapatalk
 

Mars

Prolific Contributor
CS Forums $upporter
Joined
Dec 21, 2011
Messages
4,991
This is a paid feature (EID).


Sent from my iPad using Tapatalk

Respectfully, why? Security enhancements/fixes shouldn't be paid features/upgrades.
 
D

DJ0WH

Not Registered
Because MOTOTRBO is not seen as "mission critical".... :-/


Sent from my iPad using Tapatalk
 

Mars

Prolific Contributor
CS Forums $upporter
Joined
Dec 21, 2011
Messages
4,991
Because MOTOTRBO is not seen as "mission critical".... :-/
First, I'm not blaming you, or trying to make you the guy in the hot-seat here by asking these questions. You're a valued member of the forum, a very intelligent and helpful resource to everyone in the industry and seem like a sincere, genuine person.

What do "Mission Critical" and "Operations Critical" actually mean, in Motorola lingo? "Luxury and shit"?

Motorola has had some major difficulty in the last 4-5 years. Things are not looking good. I believe one of the reasons (among many) things are looking bleak, is because they've lost touch with the customers' needs. In North America, they are FIXATED on up-selling APX gear to those whom do not need it. Want AES-256 so you can satisfy your credit card merchant account security prerequisites for processing payment in the field? TRBO with 40-bit garbage isn't good enough...APX ONLY. But in the EMEA, AS or LA markets, AES seems to be available.

(On a sidenote, the fact AES is readily available for purchase through Motorola in the EMEA, AS and LA markets seems to contradict with the recent DHS ICE concerns of AES being exported to other countries -- which I've had no part of.)

Somehow, I don't think Greg cares about the direction of Motorola Solutions' two-way offerings at the moment.
 
D

DJ0WH

Not Registered
What can I say.....


Sent from my iPad using Tapatalk
 
D

DJ0WH

Not Registered
First, I'm not blaming you, or trying to make you the guy in the hot-seat here by asking these questions. You're a valued member of the forum, a very intelligent and helpful resource to everyone in the industry and seem like a sincere, genuine person.

What do "Mission Critical" and "Operations Critical" actually mean, in Motorola lingo? "Luxury and shit"?

Motorola has had some major difficulty in the last 4-5 years. Things are not looking good. I believe one of the reasons (among many) things are looking bleak, is because they've lost touch with the customers' needs. In North America, they are FIXATED on up-selling APX gear to those whom do not need it.

Somehow, I don't think Greg cares about the direction of Motorola Solutions' two-way offerings at the moment.

That's a discussion to have over several Molsons...


Sent from my iPad using Tapatalk
 

cyrus

Trailer Park Superintendent
Staff member
CS Forums $upporter
Joined
Jan 5, 2012
Messages
978
What do "Mission Critical" and "Operations Critical" actually mean, in Motorola lingo? "Luxury and shit"?

At one point, Motorola referred to TRBO as Business Critical.

I have a feeling they were having a tough time selling Business Critical to smaller public safety agencies so they changed the name to Operations Critical.
 

mss-dave

Prolific Contributor
CS Forums $upporter
Joined
Jan 22, 2013
Messages
243
Might just have to call the entire brand "Future Proof" here shortly.

Sent from Samsung G4 on Tapatalk
 
Status