Did TETRA Have a Backdoor Hidden In Encrypted Police And Military Radios? [Hackaday]


Encrypted communications are considered vital for many organizations, from military users to law enforcement officers. Meanwhile, the ability to listen in on those communications is of great value to groups like intelligence agencies and criminal operators. Thus exists the constant arms race between those developing encryption and those desperately eager to break it.

In a startling revelation, cybersecurity researchers have found a potentially intentional backdoor in encrypted radios using the TETRA (TErrestrial Trunked RAdio) standard. TETRA equipment is used worldwide by law enforcement agencies, military groups, and critical infrastructure providers, some of which may have been unintentionally airing sensitive conversations for decades.

Sneaky, Sneaky

With an SDR and a regular laptop, TETRA transmissions using TEA1 encryption can be easily compromised. Credit: Midnight Blue

If you’re unfamiliar with TETRA, it’s a trunked radio system designed for professional use by groups like government agencies, emergency services, infrastructure and rail operators, and military and law enforcement. It uses time-division multiple access (TDMA) for channel sharing, and is capable of carrying both voice and digital data. It can be used in direct communication modes, or in a trunked system with switching where infrastructure is available. By virtue of its networked nature, it can provide far greater communication reach, without the usual range limitations of handheld portable radios.

The researchers from Midnight Blue, a cybersecurity firm, were the first to perform a detailed, publicly-available analysis of the TETRA standard, which has turned up vulnerabilities within its underlying cryptography. TETRA features a number of encryption methodologies, all proprietary. The researchers uncovered a serious vulnerability specifically in the TEA1 encryption algorithm. 

Although not all TETRA radio users are using TEA1, those who do are likely at risk of having their communications intercepted and decrypted. TEA1 is primarily intended for commercial users. The three other encryption methods, TEA2, TEA3, and TEA4, have different intended applications. TEA2 is reserved for police, emergency services, military, and intelligence users in Europe only. TEA3 is restricted to similar users in countries considered “friendly” by the EU, like Mexico and India. Users in other countries, like Iran, are forced to make do with TEA1. TEA4 is another algorithm intended for commercial users, though it is hardly used, according to Midnight Blue.

The list of TETRA users is long, with the system used in 114 countries by 2009. While many have access to the stronger encryption methods, few would want to hear they use a compromised radio system. TETRA is used by police forces across the Middle East, including Iran, Iraq, Lebanon, and Syria, along with Polish and Finnish military forces. Dutch police are a major user too, and Midnight Blue has met directly with the organization to discuss the breach.

The Backdoor

The vulnerability, which has been termed a “backdoor” by the researchers, is essentially a “secret reduction step” in the encryption process. This reduces the initial encryption key’s entropy from 80 bits to just 32 bits. This makes cracking the key trivial with a modern computer. It enables an attacker to decrypt traffic easily with consumer-grade gear and a software-defined radio dongle for interception. This decryption process is not only swift, taking less than a minute, but also undetectable when done by a passive listener.

Notably, TETRA’s proprietary nature has meant that public analysis of its encryption has been difficult to pursue. Midnight Blue researchers got around this by simply purchasing a Motorola MTM5400 TETRA radio off eBay to perform their analysis. Code execution was achieved on the main application processor via a vulnerable interface, which then allowed the team to dive into the workings of the signal processing chip. The team was then able to reverse-engineer the cryptographic operations going on inside, and crack the TEA1 encryption wide open. The team have termed the series of vulnerabilities TETRA:BURST.

The team also developed a decryption oracle that affects all TETRA platforms, which can be circumvented with a firmware update. Credit: Midnight Blue

The controversy surrounding the intentional or unintentional existence of this backdoor has raised eyebrows. While the researchers insist on its deliberate design, the European Telecommunications Standards Institute (ETSI), responsible for the TETRA standard, disputes this claim, attributing it instead to export controls dictating encryption strength.

According to reports published by Wired, the 32-bit limit in the TEA1 algorithm was intended to meet export requirements for equipment to be used outside Europe. Brian Murgatroyd, chair of the body responsible for TETRA in ETSI, stated that at the time of development in 1995, 32-bit keys were still considered relatively secure. He also claimed that the most this would allow would be the decryption and eavesdropping of communications. However, Midnight Blue researchers point out that TETRA does not digitally sign or authenticate individual transmissions. Thus, once a radio is authenticated onto a TETRA network, it can inject any desired transmissions at will.
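The two properties the article describes, an 80-bit key whose secret reduction step leaves only 32 bits of effective entropy, and a link with no per-transmission authentication, can be modelled with a toy cipher. The following is an added illustration, not code from the article, from Midnight Blue, or from TETRA itself: the reduction function, the counter-mode keystream and all names are constructed assumptions, and the per-frame MAC at the end is an added mitigation illustration rather than anything TETRA provides. It shows that a known-plaintext search costs 2^effective_bits trials regardless of the nominal key length, and that without authentication whoever holds the reduced key can also produce frames a receiver accepts; the demo uses 16 to 20 bits so it finishes quickly, while the work-factor function reports the article's 32 and 80 bit figures.

```python
import hashlib
import hmac
import struct
from itertools import count
from typing import Optional

NOMINAL_KEY_BITS = 80          # TETRA key length cited in the article
ARTICLE_EFFECTIVE_BITS = 32    # entropy the article says TEA1 is reduced to


def reduce_key(key: bytes, effective_bits: int) -> int:
    """Hypothetical key-reduction step (a constructed stand-in, not TEA1's).

    Collapses the 80-bit provisioned key into `effective_bits` bits. Everything
    downstream depends only on this value, so the cipher's real strength is
    2**effective_bits no matter how long the provisioned key is.
    """
    if len(key) * 8 != NOMINAL_KEY_BITS:
        raise ValueError("expected an 80-bit key")
    digest = hashlib.sha256(b"reduce" + key).digest()
    return int.from_bytes(digest[:8], "big") & ((1 << effective_bits) - 1)


def keystream(reduced_key: int, length: int) -> bytes:
    """Toy counter-mode keystream seeded only with the reduced key."""
    out = bytearray()
    for block in count():
        out += hashlib.sha256(struct.pack(">QQ", reduced_key, block)).digest()
        if len(out) >= length:
            return bytes(out[:length])


def xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt(key: bytes, plaintext: bytes, effective_bits: int) -> bytes:
    """What a legitimate radio does: full key in, reduced key actually used."""
    return xor(plaintext, keystream(reduce_key(key, effective_bits), len(plaintext)))


decrypt = encrypt  # stream cipher: the same operation in both directions


def encrypt_with_reduced_key(reduced_key: int, plaintext: bytes) -> bytes:
    """Ciphertext produced from the reduced key alone. Every radio sharing that
    key decrypts it normally, although the 80-bit key was never involved."""
    return xor(plaintext, keystream(reduced_key, len(plaintext)))


def recover_reduced_key(known_plaintext: bytes, ciphertext: bytes,
                        effective_bits: int) -> Optional[int]:
    """Exhaustive search over the reduced key space using one known
    plaintext/ciphertext pair (a fixed frame header, say). The cost is
    2**effective_bits trials; the 80-bit space is never searched at all."""
    target = xor(known_plaintext, ciphertext)  # the keystream bytes actually used
    for candidate in range(1 << effective_bits):
        if keystream(candidate, len(target)) == target:
            return candidate
    return None


def brute_force_seconds(key_bits: int, trials_per_second: float) -> float:
    """Expected wall-clock time for an exhaustive search at a given trial rate."""
    return (2 ** key_bits) / trials_per_second


def frame_tag(key: bytes, ciphertext: bytes) -> bytes:
    """Added mitigation illustration (not part of TETRA): a per-frame MAC keyed
    from the full provisioned key, so the ability to decrypt does not by itself
    confer the ability to inject frames."""
    mac_key = hashlib.sha256(b"auth" + key).digest()
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()[:8]


def frame_is_authentic(key: bytes, ciphertext: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(frame_tag(key, ciphertext), tag)


if __name__ == "__main__":
    key = bytes(range(10))                                  # constructed 80-bit key
    frame = b"HDR:0001 constructed voice frame payload"     # constructed sample frame
    bits = 20                                               # small for a quick demo
    ct = encrypt(key, frame, bits)
    rk = recover_reduced_key(frame[:16], ct[:16], bits)
    print("recovered reduced key matches:", rk == reduce_key(key, bits))
    injected = encrypt_with_reduced_key(rk, b"HDR:0002 injected frame")
    print("unauthenticated receiver decrypts injected frame as:", decrypt(key, injected, bits))
    print("injected frame passes MAC check:", frame_is_authentic(key, injected, bytes(8)))
    for b in (ARTICLE_EFFECTIVE_BITS, NOMINAL_KEY_BITS):
        print(f"{b}-bit search at 1e9 trials/s: {brute_force_seconds(b, 1e9):.3g} s")
```

The search recovers only the reduced key, and that is all an eavesdropper needs, which is why the argument that "32-bit keys were relatively secure in 1995" addresses the wrong quantity: the provisioned key never enters the computation. The MAC at the end is the kind of per-frame authentication the researchers note TETRA lacks; with it, the injected frame still decrypts, but the receiver rejects it.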

It’s a curious statement, though, given that the key reduction step the group found was not publicly documented. Ostensibly, TEA1 relied on 80-bit encryption. Regardless, there are hints that this weakness was well-known as far back as 2006. A leaked diplomatic cable regarding U.S. pushback on the export of Italian TETRA radio equipment to Iran noted that the encryption included was “less than 40-bits,” a threshold considered below the level suitable for military use.

Regardless of intentionality, the possibility of the backdoor’s existence and its potential exploitation over decades cannot be overlooked.

What does this revelation mean for the countless entities using TETRA standard radios? For starters, it points to a significant and alarming risk to public safety and national security. Confidential and sensitive information could have been or could still be intercepted and decrypted by potential adversaries. This discovery also shines a spotlight on the inherent vulnerabilities in relying on proprietary cryptographic systems which cannot be easily scrutinized by external security experts. It also shows how international relations play a big role in technology exports, and tells us just how little different countries really trust each other.

The organizations affected by this vulnerability have significant challenges ahead. First and foremost, they need to determine the extent of potential breaches that might have occurred due to this backdoor. Given that this backdoor has been around for decades, this could be an arduous task with far-reaching implications. Additionally, these organizations will need to plan immediate countermeasures, such as implementing firmware updates and migrating to other TEA ciphers or applying end-to-end encryption to secure their communications. Notably, Midnight Blue has long been planning a talk at the 2023 Black Hat event on this very matter, but it has been listed under a redacted name to protect TETRA users while the group made disclosures to affected parties.

However, the issue runs deeper than merely fixing this one vulnerability. The discovery has further fuelled the debate over the use of “closed, proprietary crypto” versus “open, publicly scrutinized standards.” In the interest of avoiding such security pitfalls in the future, organizations might have to reassess their security infrastructure and lean towards adopting open cryptographic systems, which can be vetted by external experts and the wider security community.

In conclusion, this revelation serves as a stark reminder of the inherent risks of proprietary cryptography and the urgent need for a shift towards more open, transparent, and scrutinized security standards. After all, in an increasingly interconnected world, the cost of complacency towards cybersecurity can be catastrophically high.