Section Twelve RF Scanners Project 73—Scanning the Neighborhood ‘To the urban spy, Radio Frequency (RF) scanners are a dream come trie because they let you tune ito a very large range of the radio spectrum and listen to the exchange between two parties as if ‘you were tuning into a typical radio, Most of the communication you will hear on an RF scanner is readily available as an unscrambied audio signal, parily duc to the fact that the operator may not care that it can be heard, but also because the operator may not know how easily it can be heard. ‘You might think that your new 900 MHz cordless phone wi deal of security and privacy, but the truth is, many Of the basic cordless devices available today offer little or no privacy whatsoever. Adding the functionality of secured transmission on any RF device involves a lot more circuitry, and cost to the user, something that would not appeal to the average consumer, Sure, you can pay extra for a th 25 channel capability offers a great cordless phone with frequency hopping abilities, or purchase a family radio system with some type of voice scrambling system, but those features cost a Jot more than the basic unit, and in reality, a highly ‘motivated spy with a good handle on electronies could eavesdrop. Unless your radio uses an ‘encryption system with some type of hard-to-crack code or encryption key, then you area target for any Evil Genius that can reverse engineer a tating receiver, malcingitune into your jest part of all is that sometimes no electronics experience will be needed in order for the eavesdropper to listen to ‘your device besides the flipping of a few so-called ‘channels and the addition of an outdoor antenna to ‘some type of basie consumer radio device like a baby room monitor. Before you can tune into your neighborhood as though it were a commercial free “reality” radio Figure 12.1 A nypical radio scanner base unit,Neighborhood the Project 73-Scanning show, you will need some type of RF scanner like the one shown in Figure 12-1. Like most of the radio devices you will be scanning for, nor all scanners are created equal, and indeed, you will get what you pay for in features. Sure, any old scanner will provide hours of entertainment, with easy access 10 most low-end RF devices such as baby monitors, okler cordless phones, citizens band radios, and even some government agencies, but w really dig into the RF spectrum, you will need a scanner that can reach 2s most of the RF spectrum as possible, The ultimate scanner will reach frequencies as low as a few KHz (hilohertz) with an upper limit of several GHz (gigahertz). It will have the ability to program several hundred channels into memory for fast seamning, and it will sean with a speed fast enough to Tock onto a conversation before anything is missed. Some other features that a high-end seanner should have are: audio output, DTMF decading, extremely small scanning steps, and possibly some type of simple unscrambling device. A top-end scanner with all the bells and whistles, will set you back a few hundred dollars as ‘compared to an older unit with a narrower scan spectrum which can be found at many second-hand stores for well under a hundred dollars. Before you. dig deep into your spy budget for the latest and greatest hardware, first take a look atthe list of common frequencies shown in Table 12-1, to see what RF devices may be transmitting in your area, AS you will notice in Table 12-1, there is a ‘world of information at your fingertips, much of it attainable with even the most basic second-hand scanner. One of the most interesting areas of the RF spectrum is the 900 MHz cordless phone and as most of these transmissions ‘will be fully unscrambled and available at distances of several blocks or more depending on room monitor where you place your scanner’s antenna, Your {informetion-gathering mission may be very easy if your target willingly places a sensitive audio bug, such as a baby monitor, in his or her home, Many people do not realize that baby monitor equipment ‘uses RF that can be transmitted, intercepted and recorded outside of their home, When you plug a baby monitor inio the power source, it begins spewing out every whisper in your house for every scanner owner within a few miles 10 hear, and T have yer to see any type of scrambling or security features available in these devices, no matter what the cost. Inexpensive cordless phones are no more secure than those room monitors, and they will not only transmit your voice, but also the party you are communicating with, as well as the numbers you dial on the key pad. Some other areas of interest are the police radio frequencies, family radio frequencies and CB radio frequencies, as all of these will contain information that may be useful, interesting, or just plain entertaining, Besides scanning range and speed, the number of channels is also important to the usefulness of a radio scanner, as these will be like your favorite radio. stations placed into memory for fast recall. You may need to keep tabs on any suspicious activity ‘going on in the house at the end of your street (ood thing they have a discount store cordless phone), and monitor how often the police are dispatched to the location, so placing all of the 900 MHz cordless phone base frequencies and police radio frequencies on memory for fast scanning will be necessary. You could plug in the frequency ranges manually, and let the scanner search for any activity, but this takes a lot of time, ‘especially if the scanning step is very narrow. By placing the exact frequency in channel memory, it will feel as though the scanner tunes in the very instant the conversation begins, and this is « bonus if you plan to install an auto-recording device. The last feature that makes a scanner more usable is the ‘actual scanning speed. The scanner must first tune into a certain frequency, then decide if there is enough modulation there to tum off the squelch circuit and begin sending the audio to the speaker‘Table 12-1 Common RF devices and their transmit frequencies CB Radio Channels Channel Frequency Channel Frequency Channel Frequency Chanel Frequency 1 26.305 2 27.105 2B 27225 M 21.345 2 26.975 B 2s 4 27235 35 27.358 3 26.985 4 27.125 25 27.245 36 27.365 4 27.005 1s 27.135 26 27.265 ar 21375 5 27.015 16 27.155 7 27278 38 27.388 6 27.025 7 27.165 28 27.285 39 21.395 7 27.035 Is 27.175 29 27.295 40 217.805, 8 27.055 1» 27.185 30 27.308 9 27.065 2» 27.205 3 27315 0 27.075 21 27215 2 27325 ul 27.085 2 27.228 33 27335 Fanily Radio Service Channel Frequency Chaanel__Frequency _Channel__Frequency Channel Frequency i 462.5625 5 462.6625 9 4675875 1B 467.6875 zi 402.5875 6 462.6875 10 467.6125 ir 461.7125 3 462.5875 i 462.7125 " 461.6375 4 462.5375 8 467.5625 12 467.6625 Cellular Telephone Frequencies Baby Monitor Frequencies Service A Service B Channel Frequency Channel Frequency Channel Frequency 824,040-834.990 §35.020-844.080 1 493000 44986007 49,8950 869.040-879.990 §80.020-889.980 2 498300 «5498750 g99T00 815,010-816480 $46.510-848.070 3 498450 «6 49.8900 890.010-891.480 §91.510-893.970 Coniless Telephone Frequencies Qrannel Base Handset Channel__‘Base Handset‘ Chuarmel__—~Base_—_‘Handset U 43.720 48,760 nl 44320 49.280 aa 46.770 49.830 2 43.740 48.840, 2 44360 49.360 2 46830 49.890 3 43.820 48.860 13 44400 49.400 23 46870 49.930 4 43.840 48.920 4 44.400 49.460 4 46.930 49.990 3 43.920 49020 15 44.480 49.500 25 46970 49,970 6 43.960 49.080 16 46.610 49.670 1 44.120 49.100 7 46.630 49.845 8 44.160 49.160 18 46.670 49.860 9 44.180 49.200 19 46.710 49.770 10 44200 49240 20 46.730 49.875 (Continued) 167 pooyzroqybtean syqQ Bb5utTuuess—¢y, 2oelorzg