I couldn't find where anyone else had done this before with ham radio. That was another motivating factor. It was an interesting new (but actually old) attack vector. I've always been interested in weird attack vectors like this. I've read some fun research in the past about infrared communications, magnetic strips, etc. Things that are all around us but we don't really think of as attack vectors.
>I've read some fun research in the past about infrared communications, magnetic strips, etc. Things that are all around us but we don't really think of as attack vectors.
Any particular source that you would recommend to start learning about these vectors?
The resources that come to mind are actually all videos of Defcon talks by the same person (Major Malfunction aka Adam Laurie). They are pretty old now, but still interesting.
Thanks! I actually took three OffSec courses last year. The first one I did was the OSWP (wifi) as a sort of warm up because it's the easiest course they offer and I knew I could knock that out pretty quick. Then I took the OSEP course which was a ton of content. Finally I took the OSED which was another ton of content and the most technical of those three. My work gave me 40 hours of in-office time last year for training. I can't recall if I used that 40 hours for the OSEP or OSED, but I know I used it for one of those two. However, I still put in a ton of hours on my own time too. It's just a lot of content to go through. 40 hours isn't enough time for either of those courses in my opinion. Having no children (and an understanding spouse) made it easier for me to dedicate a lot of personal time to the training. I love OffSec's stuff though and recommend it to anyone who is into offensive security and wants practical training.
Yeah, I've thought about this a lot with the increased popularity of digital modes. Especially those small programs made by one or two people, just as you identified. I mean, I crashed a friend's radio simply by sending him an SMS over DMR (seems like a known issue/limitation with the radio firmware). Even well-established products are susceptible to attacks. No different from any other modern tech I guess :)
I'd like to spend some time digging into radio/TNC firmware for vulnerabilities but that's a bit over my head. I've managed to dump the firmware from my TNC but I haven't found a good way to get it disassembled yet. I've got a partial disassembly, but that's it. Unfortunately, I won't have more time to work on that for a few months.