TETRA radio comms used by emergency heroes easily cracked, say experts

If it looks like a backdoor, walks like a backdoor, maybe it's ... export control


Midnight Blue, a security firm based in the Netherlands, has found five vulnerabilities that affect Terrestrial Trunked Radio (TETRA), used in Europe, the United Kingdom, and many other countries by government agencies, law enforcement, and emergency services organizations.

The flaws, dubbed TETRA:BURST, are said to affect all TETRA radio networks. They potentially allow an attacker to decrypt communications in real-time or after the fact, to inject messages, to deanonymize users, or to set the session key to zero for uplink interception.

Two of the flaws are characterized as critical. The first (CVE-2022-24401) is an oracle decryption attack that can be used to reveal text, voice, or data communication. It is made possible by the Air Interface Encryption (AIE) keystream generator's reliance on network time, which is broadcast publicly and without encryption.

The second (CVE-2022-24402) is an engineering weakness – the TEA1 encryption algorithm, according to the researchers, "has a backdoor that reduces the original 80-bit key to a key size which is trivially brute-forceable on consumer hardware in minutes."

The Midnight Blue team contends the backdoor, as they put it, follows from deliberate algorithm design decisions. Presumably this was done to allow the export of the encryption technology: sometimes, under various rules and regulations, security has to be weakened to allow it to ship.

"The vulnerability in the TEA1 cipher (CVE-2022-24402) is obviously the result of intentional weakening," the researchers state in their disclosure. "While the cipher itself does not seem to be a terribly weak design, there is a computational step which serves no other purpose than to reduce the key's effective entropy."

The security pros explain that the use of secret, proprietary cryptography has been a common theme in previously identified flaws affecting GSM (A5/1, A5/2), GMR (GMR-1), GPRS (GEA-1), DMR ('Basic' and 'Enhanced' encryption), and P25 (ADP) – used in North America. These issues follow largely from export control practices that insist on weak encryption, they suggest.

"Despite being widely used and relying on secret cryptography, TETRA had never been subjected to in-depth public security research in its 20+ year history as a result of this secrecy," Midnight Blue explained in its disclosure.

"In order to shed light on this important piece of technology, Midnight Blue was granted funding by the non-profit NLnet foundation as part of its European Commission supported NGI0 PET fund. Midnight Blue managed to reverse-engineer and publicly analyze the TAA1 and TEA algorithms for the first time, and as a result discovered the TETRA:BURST vulnerabilities."

The European Telecommunications Standards Institute (ETSI), which oversees the TETRA specification, did not immediately respond to a request for comment.

The three less-than-critical vulnerabilities are: CVE-2022-24404, a high-severity flaw arising from the lack of ciphertext authentication in the AIE, which enables a malleability attack; CVE-2022-24403, a high-severity flaw that allows radio identities to be identified and tracked due to weak cryptographic design; and CVE-2022-24400, a low-severity flaw that allows confidentiality to be partially compromised through a flawed authentication algorithm that permits the Derived Cipher Key (DCK) to be set to 0.

Technical details of the flaws are due to be released on August 9, 2023, at the Black Hat security conference in Las Vegas, and at USENIX Security and DEF CON. Midnight Blue said it waited one and a half years to disclose details, rather than the usual six months for hardware and embedded systems, due to the sensitivity of the matter and the complexity of remediation.

The primary concern, they say, for law enforcement and military users of TETRA networks is the possibility that messages will be intercepted or manipulated. That's also a potential problem for critical infrastructure operators, who could see the communications of private security firms manipulated, or data traffic injected that would affect the monitoring and control of industrial equipment, such as railway switches or electrical substation circuit breakers.

Patches are available for some of the vulnerabilities. ®

Updated to add

In a statement, ETSI said it adheres to export control regulations, and that any weaknesses in the security of TETRA would be due to that rather than a deliberate backdooring of the technology.

“The TETRA security standards have been specified together with national security agencies and are designed for and subject to export control regulations which determine the strength of the encryption,” the organization said.

“These regulations apply to all available encryption technologies. As the designer of the TETRA security algorithms, ETSI does not consider that this constitutes a ‘backdoor.’”

ETSI said it welcomed research efforts to strengthen standards, that software patches were issued last October to fix any issues, and that it’s not aware of any active exploitation of operational networks.
