When Wireless Goes Rogue
Wireless Access Point
WiFi, who doesn’t use it? I do, but only to surf the WWW. Everything else is done using my old fashioned cabled network. There’s a reason for that: having been an editor for the Dutch PC Magazine for about 15 years, I know how easy it is to set up a rogue access point. In my case it is a FON router, and so far it proves to be quite easy to capture anyones account names and passwords. A rogue access point could be seen as a ‘honey pot‘. The idea of finding totally free Internet access makes people blind for the risks.
Now I’m not interested in someone else’s accounts and passwords at all, and I certainly don’t intend to sniff them out and abuse them, so I used my own laptop and access codes instead. After some experiments I’m pretty sure that I can intercept anyone’s private information who is stupid enough to trust my rogue access point.
More experiments will follow next week when, if everything works as well as we intended, PA2AYX and me will set up a long distance WiFi network. Now remember, this is just for fun, so the ‘Rogue Factor’ will be killed off faster than it took to set it up.
Interesting links:
- http://www.tech-faq.com/rogue-wireless-access-point.html
- http://dimitar.me/karma-on-the-fon-and-sniffing-wireless-network-traffic-with-ubuntu-step-by-step/
- http://www.wireshark.org/
Weather stations, car keys, car alarms and other funny stuff
Another example of wireless going rogue is the use of the 70cm band for weather stations or car keys and alarms. Weather stations aren’t very interesting. Yes, you could jam them, but nobody would probably notice. Car keys and alarms are a different story. Many car makers use 433.920MHz as the standard frequency to operate remote car keys and alarms, which is right in the middle of our amateur band. Not too smart, as it proves to be very easy to record the (AM modulated) signal, replay it, and watch doors open or close. Just a low power carrier is enough to ‘jam’ the doors, or prevent owners to switch on their alarm system. A true haven for thieves.
There are plenty of other and more reliable frequencies to choose from, but the low price of standard 70cm devices seems to be more important. A real shame.
New Amateur Band?
If you like to experiment with new frequencies, KnightRadio has the solution: the TYT TH-UV3R. Not the normal breed of dual band radios, that’s for sure. I wonder what type and length of antenna is included in the package for transmitting on 400-470Hz. Yes, Hertz, not MegaHertz. 
The necessary 400Hz antenna will be delivered separately by an 18-wheeler.
Baofeng UV-5R bugs to date
- Direct frequency access. See Baofeng UV-5R Review Part 1.
- There are 9 settings for the squelch threshold, but changing it doesn’t make a difference. Whatever the setting, the Baofeng wakes up at -129dBm on VHF, and -126dBm on UHF. Under normal conditions the default squelch threshold seems to be just right, but in a noisy environment this bug might haunt you.
- The same is true for the VOX sensitivity. It doesn’t matter what setting you choose, the sensitivity stays the same.
UV-5R spare batteries, Baofeng or TYT?
There won’t be many people who didn’t notice the striking resemblance between the Baofeng UV-5R and the TYT TF-F8. An obvious question was: are spare parts like antennas and batteries exchangeable? The answer is yes, but there’s one mystery left to solve.
I purchased two TYT TF-F8 spare batteries on eBay from this seller. Apart from the rated capacity (1600mAH vs 1800mAH) I couldn’t really notice any significant differences between the TYT version and the Baofeng version. The charge contacts are organized the same way, but whether the plus and minus contacts on the top were organized the same could not be established. I took a risk here, but these contacts proved to be compatible also. The TYT fits like a glove, too. (see update at the end of this article)
Left: Baofeng, right: TYT
Capacity, weight
The UV-5R battery weighs 79 grams, at 81 grams the TYT battery is 2 grams heavier. The difference is likely caused by the fact that the plastic of the Baofeng version is cut out here and there to match the looks of the radio. Which leaves the question “If only a bit of plastic is responsible for the difference in weight, what are the differences inside?”
I don’t know yet, but I have my suspicions. I already had some doubts about the Baofeng rating of 1800mAH, which seemed a bit optimistic when looking at the package. After using the original battery for a while, and especially after this purchase I think I might have been right. The problem is that I don’t know for sure, b
ecause the TYT battery still needs its three cycles of depleting and charging. When that’s done, I can compare them in a more scientific way.
What if?
If both batteries prove to be identical, it wouldn’t make any sense to buy a Baofeng branded version. At the time of writing the lowest price for a TYT battery is $12.99, while a Baofeng battery can’t be found cheaper than $17.00. That’s a 31% price gap!
*Update* Dave W1WBZ, who uses the same combination, noticed that the TYT battery appears to be properly seated while it’s not. I checked his findings and have to agree with him. Although it took quite some effort here, it is possible to remove the TYT battery without unlatching it. Dave solved the problem by filing off some of the plastic, after which the battery latched properly. Picture will follow.
Evolution
Hitachi CH-1330R versus Baofeng UV-3R, 36 years of evolution
At the left: Hitachi CH-1330R CB HT. At the right: Baofeng UV-3R.
Hitachi CH-1330R Specifications:
Number of channels: 2
Mode: AM
Power output: approx. 500mW
Range between 2 HT’s, under optimal conditions (approx): 1 Km
Case material: steel
Weight: 945 grams (incl. 8 AA batteries)
Antenna length: 1 meter 75cm
Year of production: 1975
Price in 1975: +/- € 115 (not compensated for 36 years of inflation)
Baofeng UV-3R Specifications
Number of channels (10KHz spacing): 10.800
Mode: FM
Power output: 2 Watts
Range between 2 HT’s, under optimal conditions (approx): 6 Km
Case material: plastic
Weight: 127 grams (incl. battery)
Antenna length: 12 cm
Year of production: 2011
Price: € 35.
Wanna go back in time?
