[Elecraft] K4 and Linux Infrastructure

Dave Cole (NK7Z) dave at nk7z.net
Mon Jun 3 18:31:40 EDT 2019 

Based on the lack of ability to chance the CW rise times, I suspect 
Elecraft will not give access to the processor, and OS.  I would not.

Why?  If too many users change things, and break things, the radio will 
get a bad rep...  If Elecraft is smart, they will lock the users out of 
that level of access.

73s and thanks,
Dave (NK7Z)
https://www.nk7z.net
ARRL Technical Specialist
ARRL Volunteer Examiner
ARRL Asst. Director, NW Division, Technical Resource

On 6/3/19 2:04 PM, Jeff Scaparra wrote:
> I believe these are all good points that elecraft should consider. As for
> myself I am a tinker-er and as such i can imagine many things i would like
> to do with the on board system. Personally I would like the option of
> "unlocking" access do that I could use the underlying linux system and
> would be willing to be responsible for the security of the system if I did
> so. I know there will be many who just want a good radio to operate and
> that is why I am suggesting that maybe this is a opt into thing with the
> caveat that if you unlock this your responsible to keep the radio secure.
> 
> Jeff
> N5SDR
> 
> On Mon, Jun 3, 2019, 3:35 PM Dave New, N8SBE <n8sbe at arrl.net> wrote:
> 
>> Paul,
>>
>> I believe you mistook the 'direction' of DDOS attack I was talking
>> about.
>>
>> The K4 would not be the target of a DDOS attack, but rather an unwitting
>> participant in launching a DDOS attack as part of robot army of IoT
>> devices.
>>
>> Thousands of hacked IoT devices are for rent on the dark web, for any
>> script kiddie that wants to attack a particular target.
>>
>> Also, it may be popular to use hacked web sites, or various documents
>> with trojan horse loads to deliver ransom ware or bitcoin miners, but
>> there are other known vectors, including various open ports found while
>> scanning.  It may be the a router would be able to block access, but the
>> very peer-to-peer nature of the K4 (controlling other K4's or being
>> controlled by another K4 or PC, tablet, etc, means that routers would
>> need to allow certain inbound connections through the router or
>> firewall.  These allow for interesting attack vectors, which will
>> certainly be exercised, if possible.
>>
>> 73,
>>
>> -- Dave, N8SBE
>>
>> -------- Original Message --------
>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>> From: Paul Gacek <w6png at yahoo.com>
>> Date: Mon, June 03, 2019 4:00 pm
>> To: "Dave New, N8SBE" <n8sbe at arrl.net>
>> Cc: Elecraft Reflector <elecraft at mailman.qth.net>, Rick WA6NHC
>> <wa6nhc at gmail.com>
>>
>> Dave
>>
>> DDOS is quite hard for any end point (PC, iPhone, K4 etc) to deal with
>> effectively. If a million zombie Macs decide to simultaneously attack
>> your end point your best chance is as Rick states, a device that makes
>> up the perimeter defenses such as a firewall or cyber security
>> alternative (i.e router, IDP). Most homes don’t have anything
>> particularly sophisticated deployed and are therefore somewhat
>> vulnerable. In truth DDOS attacks are quite rare and typically not aimed
>> at Citizen Dave or his neighbors. Protection albeit optimistic is really
>> in the realm of a corporate network but even then we have a few cases
>> where iconic sites get hammered and go dark. Enabling the K4 to defend
>> against DDOS is a little like building a house to withstand random bits
>> of ISS dropping in unexpectedly; not something I’m expecting to be
>> paying for.
>>
>> Unwanted ransomware or bitcoin mining programs are most likely the
>> result of an unwitting end user at and end point (PC, Android etc) doing
>> something that resulted in the malware ending up on their end point.
>> Could be surfing to a suspect web site (www.PawnStorm4U.com) or even
>> going to a compromised but reputable site such as NASA.gov.
>> Alternatively, it could be someone opening a compromised PDF or
>> Word/Excel attachment. The best protection here is to be cautious and
>> mindful of what you do in the cyber world and absolutely make sure you
>> are running the most uptodate OS (not XP) and to its most current patch
>> level.
>>
>>
>> Presumably but maybe not, the K4 won’t make available to the ham
>> operator a browser that allows them to surf wherever nor an email client
>> that they can read Excel attachments at the whim of the ham operator.
>> That is best done outside of the K4.
>>
>>
>> Hardening Linux, following best practices on coding and penetration
>> testing are all things to be aware of and implement as appropriately.
>>
>>
>> For those who might be interested in perusing details of some of these
>> topics these links might be interesting;
>> Secure Coding Practices
>> https://msdn.microsoft.com/en-us/aa570401Hardening Linux
>>
>> https://www.computerworld.com/article/3144985/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.htmlPenetration
>> Testing https://www.tenable.com
>>
>>
>> With Elecraft’s proximity to Silicon Valley and presumably contacts
>> abounding, I’m optimistic the K4 will do us proud and I won’t have
>> to rely on Rocky and Bullwinkle to keep nefarious foreign agents out of
>> my K4.
>>
>>
>> Paul
>> W6PNG/M0SNA
>> www.nomadic.blog
>>
>>
>>
>>
>>
>>
>> On Jun 3, 2019, at 7:58 PM, Rick WA6NHC <wa6nhc at gmail.com> wrote:
>>
>> Much of that protection can be implemented at the router level (>90% of
>> all sites) and the internal linux (fairly bullet proof) will deal with
>> the radio talking to the world.
>>
>> It shouldn't be too difficult for Elecraft to refine security to the
>> radio, you'd only need a few ports of network access, which if required,
>> could be coded to set values (MAC address) up to the menu level...  or
>> limited access into the linux side of the radio.
>>
>> I'm confident it has been considered and managed with the usual Elecraft
>> elegance.
>>
>> Rick NHC
>>
>>
>> On 6/3/2019 11:50 AM, Dave New, N8SBE wrote:
>> So, let's let the elephant in the room bellow a bit.
>>
>> Ahem, CYBER SECURITY.
>>
>> Now that you've put a popular, modern OS in the K4, and hooked it up to
>> Ethernet (and therefore the Internet), you've just opened a stinking
>> pile of attack vectors.
>>
>> And please don't think that no one will bother figuring out how to 'own'
>> such a powerful connected processor.  If you spend anytime reading up on
>> things like Distributed Denial of Service (DDOS) attacks, you will find
>> that things like webcams and routers (which typically don't even have a
>> 32-bit OS in them) have been marshaled to unleash frightening
>> multi-gigabit attacks on various targets.
>>
>> Or, try the newest craze, dropping Bitcoin or other digital currency
>> mining engines on unsuspecting machines, taking them over hog mode, and
>> pegging the CPU at 100%, using your electric bill for their gain.
>>
>> Or, maybe the K4 will be the first ham radio to suffer from a
>> ransom-ware attack, where the poor ham is asked to ante up some ransom
>> (in bitcoin usually, to make it hard to track) to get control of his
>> radio back.
>>
>> True, at least one or more other companies have already stepped out
>> ahead, by putting Windows 10 in their radio.
>>
>> I'm just wondering if anyone at Elecraft has been tasked with dealing
>> with the cyber security aspects of this new toy, and what plans you may
>> have for outside pen testing, etc. have been made.
>>
>> At the very least, you should be using authenticated boot and
>> authenticated flash, protected by a root certificate in an internal
>> hardware trust anchor.
>>
>> 73,
>>
>> -- Dave, N8SBE
>>
>> -------- Original Message --------
>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>> From: Wayne Burdick <n6kr at elecraft.com>
>> Date: Sun, June 02, 2019 11:52 am
>> To: Leroy Buller <lee.buller at gmail.com>
>> Cc: Elecraft Reflector <elecraft at mailman.qth.net>, Lee Buller
>> <lgbuller at k0wa.com>
>>
>> x86, not PI (ARM). It's the controller for internal/external displays
>> and streaming I/O, runs the server for remote clients, and serves as the
>> present/future app engine.
>>
>> Additional details pending.
>>
>> 73,
>> Wayne
>> N6KR
>>
>>
>>
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:Elecraft at mailman.qth.net
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:Elecraft at mailman.qth.net
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:Elecraft at mailman.qth.net
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:Elecraft at mailman.qth.net
> 
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html
>

More information about the Elecraft mailing list