TETRA radio comms used by emergency heroes easily cracked, say experts

If it looks like a backdoor, walks like a backdoor, maybe it's ... export control

Midnight Blue, a security firm based in the Netherlands, has found five vulnerabilities that affect Terrestrial Trunked Radio (TETRA), used in Europe, the United Kingdom, and many other countries by government agencies, law enforcement, and emergency services organizations.

The flaws, dubbed TETRA:BURST, are said to affect all TETRA radio networks. They potentially allow an attacker to decrypt communications in real-time or after the fact, to inject messages, to deanonymize users, or to set the session key to zero for uplink interception.

Two of the flaws are characterized as critical. The first (CVE-2022-24401) is an oracle decryption attack that can be used to reveal text, voice, or data communication. It is made possible by the Air Interface Encryption (AIE) keystream generator's reliance on network time, which is broadcast publicly and without encryption.

The second (CVE-2022-24402) is an engineering weakness – the TEA1 encryption algorithm, according to the researchers, "has a backdoor that reduces the original 80-bit key to a key size which is trivially brute-forceable on consumer hardware in minutes."

The Midnight Blue team contends the backdoor, as they put it, follows from deliberate algorithm design decisions. Presumably this was done to allow the export of the encryption technology: sometimes, under various rules and regulations, security has to be weakened to allow it to ship.

"The vulnerability in the TEA1 cipher (CVE-2022-24402) is obviously the result of intentional weakening," the researchers state in their disclosure. "While the cipher itself does not seem to be a terribly weak design, there is a computational step which serves no other purpose than to reduce the key's effective entropy."

The security pros explain that the use of secret, proprietary cryptography has been a common theme in previously identified flaws affecting GSM (A5/1, A5/2), GMR (GMR-1), GPRS (GEA-1), DMR ('Basic' and 'Enhanced' encryption), and P25 (ADP) – used in North America. These issues follow largely from export control practices that insist on weak encryption, they suggest.

"Despite being widely used and relying on secret cryptography, TETRA had never been subjected to in-depth public security research in its 20+ year history as a result of this secrecy," Midnight Blue explained in its disclosure.

"In order to shed light on this important piece of technology, Midnight Blue was granted funding by the non-profit NLnet foundation as part of its European Commission supported NGI0 PET fund. Midnight Blue managed to reverse-engineer and publicly analyze the TAA1 and TEA algorithms for the first time, and as a result discovered the TETRA:BURST vulnerabilities."

The European Telecommunications Standards Institute (ETSI), which oversees the TETRA specification, did not immediately respond to a request for comment.

The three less-than-critical vulnerabilities consist of: CVE-2022-24404, a high-severity vulnerability arising from lack of ciphertext authentication on the AIE that enables a malleability attack; CVE-2022-24403, a high-severity vulnerability that allows radio identities to be identified and tracked due to weak cryptographic design; and CVE-2022-24400, a low-severity vulnerability that allows confidentiality to be partially compromised through a flawed authentication algorithm that permits the setting of the Derived Cipher Key (DCK) to 0.
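To make the malleability point (CVE-2022-24404) concrete, here is an added illustration that is not code from Midnight Blue, ETSI or the TETRA standard: a deliberately simplified stand-in for a stream cipher whose keystream is derived from a key and a public frame counter (the counter plays the role of the network time the article describes), first without any ciphertext authentication and then with an HMAC tag added. The keystream construction, key lengths and message are assumptions chosen for the demonstration only.

```python
import hashlib
import hmac
import os

TAG_LEN = 16  # bytes of HMAC tag appended in the hardened variant


def keystream(key: bytes, frame: int, length: int) -> bytes:
    # Toy keystream generator (assumption, not the TETRA AIE): expand
    # SHA-256(key || frame || block) until enough bytes are produced.
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + frame.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_unauthenticated(key: bytes, frame: int, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, frame, len(plaintext)))


def decrypt_unauthenticated(key: bytes, frame: int, ciphertext: bytes) -> bytes:
    # No integrity check: any bit change on the air flips the same plaintext bit.
    return xor(ciphertext, keystream(key, frame, len(ciphertext)))


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    # Models a single-bit change to a frame in transit (error or tampering).
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def encrypt_authenticated(key: bytes, mac_key: bytes, frame: int, plaintext: bytes) -> bytes:
    # Hardened variant: tag covers the frame counter and the ciphertext, so a
    # modified or replayed frame is rejected instead of decrypted to garbage.
    ct = encrypt_unauthenticated(key, frame, plaintext)
    tag = hmac.new(mac_key, frame.to_bytes(4, "big") + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def decrypt_authenticated(key: bytes, mac_key: bytes, frame: int, data: bytes):
    ct, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    expected = hmac.new(mac_key, frame.to_bytes(4, "big") + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # integrity failure: drop the frame
    return decrypt_unauthenticated(key, frame, ct)
```

With a constructed message such as `b"CHANNEL 7"`, flipping the low bit of the ninth ciphertext byte decrypts to `b"CHANNEL 6"` in the unauthenticated variant, while the authenticated variant returns `None` for the same modified frame.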

Technical details of the flaws are due to be released on August 9, 2023, at the Black Hat security conference in Las Vegas, and at Usenix Security and DEF CON. Midnight Blue said it waited one and a half years to disclose details, rather than the usual six months for hardware and embedded systems, due to the sensitivity of the matter and the complexity of remediation.

The primary concern, they say, for law enforcement and military users of TETRA networks is the possibility that messages will be intercepted or manipulated. That's also a potential problem for critical infrastructure operators, who could see the communication services of private security firms manipulated or even the injection of data traffic that would affect the monitoring and control of industrial equipment, like railway switches or electrical substation circuit breakers.

Patches are available for some of the vulnerabilities.

Updated to add

In a statement, ETSI said it adheres to export control regulations, and that any weaknesses in the security of TETRA would be due to that rather than a deliberate backdooring of the technology.

“The TETRA security standards have been specified together with national security agencies and are designed for and subject to export control regulations which determine the strength of the encryption,” the organization said.

“These regulations apply to all available encryption technologies. As the designer of the TETRA security algorithms, ETSI does not consider that this constitutes a ‘backdoor.’”

ETSI said it welcomed research efforts to strengthen standards, that software patches were issued last October to fix any issues, and that it’s not aware of any active exploitation of operational networks.
