TETRA radio compromised

RonSwanson

Honorary Master
Joined
May 21, 2018
Messages
21,416
Reaction score
28,622
TETRA (Terrestrial Trunked Radio) which is currently used by law enforcement worldwide, and the SAPS, has for years used proprietary encryption algorithms, this despite best practices which dictate otherwise. The secrecy around the crypto has now been lifted, with some startling (but not unexpected) results. A bad RNG reduces the TEA1 crypto algorithm (with a key length of 80 bits) to 32 effective bits, and this is so blatant that it is suspected that it is an intentional backdoor.

The researchers plan to present their findings next month at the BlackHat security conference in Las Vegas, when they will release detailed technical analysis as well as the secret TETRA encryption algorithms that have been unavailable to the public until now. They hope others with more expertise will dig into the algorithms to see if they can find other issues.

To obtain the algorithms, the researchers purchased an off-the-shelf Motorola MTM5400 radio and spent four months locating and extracting the algorithms from the secure enclave in the radio’s firmware. They had to use a number of zero-day exploits to defeat Motorola protections, which they reported to Motorola to fix. Once they reverse-engineered the algorithms, the first vulnerability they found was the backdoor in TEA1.
Noted that it was around about this time (2004-2006) that the SAPS purchased and implemented TETRA.

This has been known to the security researches since 2021, but state actors have known about it for far longer:
In a 2006 US State Department cable leaked to Wikileaks, the US embassy in Rome describes an Italian radio manufacturer asking about exporting TETRA radio systems to municipal police forces in Iran. The US pushed back on the plan, so the company representative reminded the US that encryption in the TETRA-based radio system they planned to sell to Iran is “less than 40-bits,” implying that the US shouldn’t object to the sale because the system isn’t using a strong key.

The second vulnerability is in the keystream used to sync two devices. Both use the timestamp on packets as part of the nonce. The problem is that the timestamps are unauthenticated and unencrypted, so an attacker can intercept and do all sorts of wonderful things with this, including creating a rogue device that is trusted.

 
Last edited:
ETSI finally decides to make their "secret" encryption algorithms open to the public (Halleluja!), but we will have to wait a bit for them. Hopefully not another 25 years.

European Standards Body Votes to Release Secret Algorithms

After hit with criticism earlier this year for keeping its encryption algorithms secret, the European standards body behind the TETRA algorithms has decided to open them to the public for scrutiny.

The European standards body that was heavily criticized this year for keeping its encryption algorithms secret has decided to make all of the algorithms public for researchers and users to examine them for flaws.

The group’s technical committee voted last month to make them public, though they won’t be released until a later date, a spokeswoman told Zero Day. The group plans to release older algorithms that caused controversy when researchers found serious security flaws with them, as well as a new generation of algorithms that the group developed more recently.

ETSI had kept the algorithms secret for more than twenty-five years, controlling who got to examine them by requiring a signed NDA from anyone ETSI let view them. This prevented independent security experts from examining the algorithms for vulnerabilities.

 
Top
Sign up to the MyBroadband newsletter
X