With the proliferation of inexpensive software-defined radio hardware, the era of RF "security" through obscurity is over. For example, tools exist to decode pager and GSM traffic, ACARS and ADS-B, DMR and P25 digital radios, and even satellite data services. In this work, we examine the GE MDS 9710, a legacy RF modem still widely deployed in SCADA installations. This modem is particularly interesting because it uses a modulation scheme not typically seen and, as an old design, provides no encryption or authentication. Since common SCADA protocols (such as Modbus and DNP3) assume a secure physical layer, many SCADA installations are vulnerable to wireless attacks.