Even though microwave communications have some built-in security-like features such as scrambling, narrow beamwidth, proprietary airframe, coding and other factors, it is not very hard for them to be broken by those with the proper expertise. Some vendors even openly offer digital microwave interception systems for “legitimate” monitoring. This and the growing sophistication and willingness of those attempting to break into wireless networks makes a high level of security for microwave more important than ever.
Historically, security and encryption measures were primarily employed by government or defense agencies or by the financial industry to protect sensitive information. But in today’s connected world the issue of network security can apply to any type of communications network, whether it is fixed, mobile or private.
Is Microwave Ready?
In general, microwave packet radio security is a concern. However, there are different aspects of microwave radio protection that must be considered. The information payload of microwave communications is the most obvious part. For operators that participate in the public switched telephone network (PSTN), the main issue is the security of the communications traffic they are carrying. That would involve both voice and data traffic.
Both popular and scholarly publications have been rife with stories of how easy it has become to tap into mobile calls. For example, the GSM code has been ineffective arguably since a hack was announced in August 2009. With GSM encryption broken, degraded or bypassed, mobile phone calls and text messages can be monitored and diverted by snooping parties. This can happen even before they get to the basestation. The BBC recently demonstrated GSM hacking in an online video.
Once calls and messages are in the mobile backhaul network, in many cases, no encryption is applied at all—not even the broken GSM code. In the past, hackers would have had to buy or by some other means obtain radio equipment identical to that they wanted to take over illegally. This was not an obstacle for those intent on industrial or governmental espionage, but it put it beyond the means of the run-of-the-mill hacker who has become familiar since the mid-1990s. Even if the hacking was not beyond the average hacker’s technical capabilities, it was beyond his economic capabilities. Now commercially available microwave monitoring equipment can be employed to pick out communications channels, to listen and record all conversation and ambient noises for up to 72 hours. One research firm also demonstrated how cell towers can be spoofed to intercept communications.
Another aspect of microwave security encompasses how secure is the management of the network. Even if the payload of a microwave backhaul network is secure, the management may not be, allowing hackers or others with malevolent motives to drop or kill traffic. Unsecure management channels can allow them to create mismatched frequency settings between radio pairs, reconfigure circuitry or reroute payload traffic to another radio if a cross-connect is present. For example, there was an instance where unauthorized users took control of a motorized antenna and repeatedly sent instructions for the motor to adjust the position of the antenna, eventually draining the batteries for the entire site, rendering it “dead.” However, with the shift to the all IP/Ethernet network of the future, hackers are finding ways to wreak havoc on backhaul networks from their desktop PCs, smartphones and other powerful mobile computing devices.
Access control of the microwave network is also a cause for concern. It is critical that only authorized personnel are allowed to log onto the administration of a microwave backhaul network. Like many computer-based systems, microwave radios are set up with some basic logon access procedures. Oftentimes, the logon screen will not look very dissimilar from the typical Windows or Macintosh workstation. There will be a dialog box for a username and a password. However, unlike the typical desktop computer, a microwave radio’s graphical user interface is not logged onto that much. Therefore, as per human nature, their usernames and passwords become all too predictable. “Root” and “admin” and “123456” and “password” were very popular as usernames and passwords, respectively, according to one security study. A “mechanized” or “dictionary” attack can randomly generate username-and-password combinations and succeed in unlawfully logging onto a radio on this premise: that the logon will be subject to people being creatures of habit. Thus, there must be a way for microwave network administration to enforce a hard-to-guess username/password security policy.
Another aspect to access control is the issue of the level of control. It is also essential to control what each legitimate user is allowed to perform once logged in—to prevent voluntary and involuntary damaging actions. Not only must users be limited to their area of responsibility and knowledge and avoid involuntary commands that could damage the network but also reserve critical activity for designated key personnel (e.g., cryptography officers).
Would my Radio Network be Secure?
Given the security issues around microwave payload, management and access control, many questions have been raised. Would my microwave radio network be safe from intrusion? What would be the impact of breached calls or text messages? There could always be potential for a Greece type of incident. More importantly, the proactive questions to ask about microwave network security include:
We’ll examine these questions more in future posts. Or see our white paper.