Some very clever work indeed but remember this is about a vulnerability on particular old piece of software that I doubt is heavily used. The APRS Packet angle is really just the comms medium; it could have been a dial up modem or a network cable. Yes Radio in this mode is inherently insecure as there are no security protocols anywhere in the radio links but then modern networks rely on higher level devices in the 7 layer for security.
QRZ....where those unable to create are the harshest critics of those that do. Regardless of the date or platform it is food for thought. Digital modes with their "free" software are the perfect breeding ground for malware as their use proliferates.
thank u frank for taking the time to share this video with all the concerns and we are talkingt about ham radio and there is a tom of people that use all kinds of old computers and programs as well. thank you dont pay any mind to some of these people.
I'm late to the thread but I'm the security researcher that published this work. I'm happy to answer any questions anyone may have. This project was really meant as an exploration into security research in the area of ham radio. I was specifically interested to see if a computer could be compromised using ham radio only (not Ethernet or other networks) since I hadn't seen anyone do it before. Most won't need to worry about this specific vulnerability unless they are running WinAPRS on Windows XP. I did also publish a working proof of concept exploit that works against WinAPRS on Windows 10, but that version is more complicated and much more likely to simply crash WinAPRS instead of executing malicious code (though it is technically possible). Any Windows version after XP Service Pack 3 has built-in mitigations to help prevent this type of exploit and requires extra hoops to jump through for successful exploitation. That being said, someone more clever may be able to find a more reliable way to exploit the software. Also, I did disclose this vulnerability to the author of WinAPRS before it was disclosed publicly. The author is unlikely to ever update WinAPRS due to it being very old and he no longer has a development environment to work on it. It's likely best to use a different and more modern APRS program.
As users of software that cannot reasonably be trusted - which is most ham radio software, due to rampant outdated development and distribution practices - our best defense is to compartmentalize. I use a separate computer for ham radio stuff, and personal/financial data never touches it. That's what I would recommend - then your ham box can be as old and creaky and unmaintained as you want, as long as it works for you. Just don't let it near the piggybank.
Well, eehhhrr.... I do. Profesionally. On an isolated virtual machine to keep my $20.000 worth of OrCAD Schematic, Layout and Express running, which it won't on W10.
If he's talking about ATMs, that is a different flavor of XP and not subject to the same EOL statements as the desktop version. IBM's OS2 was in use on ATMs long after OS2 was off the market. Chris
