Establishing Private Radio Communications Using Consumer Grade Equipment

Posted: January 5th, 2011 by Militant Libertarian

by REG, SurvivalBlog

Sometimes it is ideal for your radio transmissions to be overheard by outside parties but sometimes it is highly undesirable. Radio by its very nature is an open medium. Interception equipment such as radio scanners are commonly available and easy to use. With such a device an unwanted listener could easily intercept your communications. How do we guard against such security vulnerabilities? Digitally encrypted public safety grade radio equipment is certainly an option albeit a very expensive one. Fortunately consumer grade equipment is commonly available that is capable of providing a high degree of privacy against unwanted interception. It is ideal for short range Neighborhood Watch or survival group communications. This writing will mostly focus on short range, point-to-point communications.

Some very common forms of radio communications equipment are: CB radio, FRS, GMRS, MURS radios, and Marine band radios.  Unfortunately these forms of communication offer very little in terms of privacy although some do offer analog voice scrambling options

Voice scrambling is technically illegal on CB, GMRS, and MURS frequencies. However, some FRS radios come with a feature known as voice scrambling. The voice scrambler in these radios use a technique called fixed frequency inversion and it is trivial to break. Online software (Invert), hardware de-scramblers (Ramsey SS-70) or simply another radio with a fixed frequency inverter could be used to descramble the communications. Many Marine Band radios offer the ability to add on a voice scrambler, but once again the security level is fairly low. Some Marine Band radios made by ICOM offer split band scramblers or rolling code scramblers (slow hopping split band). Split band offers a low level of security as there are only 32 possible scramble codes and the slow hopping split band scrambler offers a medium level of security at best with slightly more than 1,000 possible codes. For the purpose of this writing I won’t get into the inherent weaknesses of analog voice scramblers

Note: Legality issues may exist with using Marine Band radios on land, but in a worst case situation it may be a viable option. Some marine band radios will do 25 watts and coupled with a good 5/8 wave mobile VHF antenna you could achieve good range. ¼ wave antennas are more compact but more of the signal is radiated upwards so you will sacrifice range. The aforementioned communications options will work, but establishing privacy could be a challenge. Better options exist.

The FCC recently approved the use of 1 watt radios for voice communication on the 900MHz ISM (Industrial, Scientific, and Medical) band. Some radio communication devices that use this band are the: TriSquare eXRS radio; Motorola DTR radio; and Nextel (now Sprint) phones using the Direct Talk option in the menu (not all Nextel phones have this option). What makes the 900MHz ISM band radios so great? First off, they all use frequency hopping technology (A requirement to use the ISM band) and some are digital which adds another layer of security.

Let’s take a look at these radios individually:

TriSquare eXRS radio: 1 Watt 900 MHz ISM band
The basic model (TSX-100) offers 1000 channels and the high end model (TSX-300) offers 2 billion channels. You can get a pair of the basic model radios for around $50 and a pair of the high end radios for about $90. The eXRS radios use frequency hopping technology (Hop rate: 400mS or 2.5 frequency hops per second) and analog narrow FM voice. The frequency hopping will prevent interception by a radio scanner. However, since the voice is still analog the slow frequency hopping can be tracked and the voice demodulated by a near field surveillance receiver such as the Optoelectronics Interceptor or the newer Optoelectronics Xplorer. (An audio sample of the TriSquare eXRS radio being tracked and demodulated by a near field surveillance receiver can be heard here in the “Files” section).

Motorola DTR (Digital Two-way Radio) 1 Watt 900 MHz ISM band
The Motorola DTR uses frequency hopping technology that changes the transmission frequency every 90mS or almost 11 times per second. As an added bonus the voice is digitally modulated using VSELP (Vector Sum Excited Linear Prediction). Most Motorola DTR radios, such as the DTR 550 come with five public channels enabled. By following the instructions that come with the radio you can enable channels 6-10. If you want private communications to secure against the possibility of another DTR radio from overhearing your transmission you can purchase an optional keyboard programmer from Motorola (approximately $40) which will allow you to create private channels by setting your own unique 11-digit radio I.D. (1 Trillion codes). This will give you a fairly high level of security since no other DTR radio, unless it has the same 11-digit I.D., will be able to hear your transmission. As far as being able to hear a DTR transmission by using a near-field surveillance receiver- it won’t work since the audio is digital. The surveillance receiver can track the frequency hopping, but the “audio” will sound like popping. Even if a high-end frequency counter (being fed to a digital scanner) were able to track the frequency hopping of the DTR it would still not be able to decode the audio because digital scanners can only decode APCO P25 digital, not VSELP. Another nice feature of the newer DTR radios is that they have a removable antenna so you could use them as mobile radios. With a high quality magnet mount 900MHz antenna mounted on a car you should be able to increase your range substantially. The only drawback of the Motorola DTR is the price. They usually run at least $250 per radio, new. They are however more durable and reliable than the TriSquare eXRS radio. For those on a budget who still desire private digital communications, I’m going to let you in on a little known secret called Nextel Direct Talk.

Sprint (Nextel) Direct Talk (off-network) 700mW 900 MHz ISM band
Not to be confused with Nextel Direct Connect, Direct Talk requires no contract or activation through Nextel (now Sprint). All you need is a Direct Talk capable phone (the i355 and the i570 are excellent choices with the i355 being the cheapest) and a SIM card installed. Your best source for these phones (and SIM cards) is eBay. A used i355 can be had for around $20 a phone. I have three of them and I just recently purchased three newer i570’s with SIM cards, batteries, and chargers (AC and DC) for $55.

Direct Talk uses the exact same technology as the Motorola DTR (900 MHz ISM, 90mS frequency hopping and VSELP digital voice), but they are not compatible. Direct Talk offers 10 channels with 15 selectable privacy codes per channel. It also offers a “Private individual call” function where you can individually call another phone without any other group member overhearing the conversation, even if they are on the same channel. More information on how to use Direct Talk is available from Nextel.

Communications Range
As I previously noted, Nextel Direct Talk phones have 700 mW transmit power compared to 1W of transmit power from the Motorola DTR and TriSquare eXRS radio. In head-to-head range tests the 1W radios provided no appreciable increase in range. Radio manufacturers are known to exaggerate the useful communication range of their products. I have extensively tested the Motorola DTR and my Nextel phones set to Direct Talk and have found the following:

Further Information and Accessories
After you have selected your radio equipment, it is a good idea to purchase a few extra radios in case of failure or if you add a new member to your group. I recommend purchasing at least two spare batteries for each radio. The Trisquare radios can be powered with standard alkaline batteries. DC chargers are available for both the Nextel and Motorola DTR. Both the DTR and Nextel phones use the same style charger, but keep in mind they are not compatible with each other communications wise.

It is also a good idea to purchase some form of headsets for the radios for stealth communication. I prefer the surveillance type headsets. These are the type with the push-to-talk (PTT) mic that can be clipped on your shirt collar. They also have an earphone for covert listening. A note on the earphones, it is a good idea to get one that has an attachment that goes over and around the top of your ear to hold the earphone securely in place. Once again, a good source for these is eBay. But keep in mind you get what you pay for. Some are made overseas and are of low quality materials so they may not hold up in the field. (Note: I have read that Nextel phones using Direct Talk can only use the speaker mode, so a private headset may not work for Direct Talk. I have not personally tried to test them with headsets.)

The radios I’ve just described (900 MHz ISM band) are a welcome arrival to the consumer market. They are capable of providing private, interference-free communications. Try getting that on CB, FRS, or GMRS. While they do provide a high level of privacy, keep in mind that no radio transmission should be considered 100% secure. Even though these radios use frequency hopping and some are digital, the transmissions will still show up on a spectrum analyzer and can be detected with near-field surveillance receivers. If you require more security, radios with digital encryption can easily be procured in the used market by civilians. [Although they are restricted from use in the United States.] You will need to know about programming the radio, cryptographic key loading and management, encryption ciphers available to you (DVP, DVP-XL, DES, DES-XL, AES, etc) and their strengths and weaknesses. Look for this information in a future article. In the mean time, pray, procure, and prepare.


Leave a Reply