This presentation will provide a brief introduction to the Automatic Packet Reporting System an open standard for digital communication for sending data, predominantly positional data automatically in short digital beacons over amateur radio frequencies, how it works, and it’s intended use. Then I will go into an analysis of the vulnerabilities of the system as well as where the protocol succeeds in the context of the CIA triad. Initially I’ll outline its use in search and rescue applications. Next, I’ll dive into finding individuals to contact in the amateur radio community. Finally, I’ll go into sending out weather data. I will then move into an explanation of the packet format and a very brief look at the AX25 data link layer protocol APRS utilizes and a brief explanation of digipeaters and igates that expands the range of the APRS network. I will move into the security strengths and weaknesses. The sole strength being only that the system is very de-centralized making it fairly reliable in the local area and easily expanded. The weaknesses include a lack of true authentication in that anyone can claim to be anyone, no encryption is permitted due to FCC regulation on the airwaves. Due to this it is easy to feed the system false data interfering with other users and preventing any guaranty of integrity. The lack of encryption also results in absolutely no confidentiality as anyone can hear the packets getting beaconed out.
Evan Natter is a cyberspace operations specialist in the United States Army.