TETRA Algorithms Can Be Decrypted, Says Cybersecurity Firm Midnight Blue
Security researchers uncovered multiple vulnerabilities in a widely used radio communication system used by law enforcement and in critical infrastructure for data transmission that could allow remote decryption of cryptographically protected communications.
Researchers at Dutch security firm Midnight Blue identified five vulnerabilities in Terrestrial Trunked Radio or TETRA – a European standard for radio communication that has been adopted by device makers such as Motorola, Hytera and Simoco. The firm says the standard is the “most widely used police radio communication system outside the U.S.”
The flaws identified by the firm reside in proprietary cryptographic algorithms that, against a widely accepted cryptographic principle holding that obscurity is detrimental to security, are distributed under a strict nondisclosure agreement.
Researchers extracted the algorithms by hacking a Motorola radio, Wired reported Monday.
Midnight Blue is reserving technical details for a presentation at Black Hat on Aug. 9. It dubbed its findings TETRA:Burst. The firm notified the European Telecommunications Standards Institute, which developed the TETRA standards during the 1990s, of its findings roughly 18 months ago. In November, ETSI released a new suite of encryption algorithms and said end-to-end encryption mitigates a particular weakness flagged by researchers that resides in a TETRA encryption algorithm known as TEA1.
The Midnight Blue researchers found a “backdoor” in TEA1 that allows an attacker to reduce an 80-bit encryption key to a smaller size that can be brute-forced. ETSI contested that the TEA1 flaw is a backdoor and said that the algorithm follows standards governing the export of cryptographic systems. It also emphasized that TEA1 is rated for general use rather than police use.
The Midnight Blue researchers said the flaw is nonetheless concerning and that private security services patrolling critical infrastructure such as airports and harbors may use radios encrypted with TEA1. The algorithm is also present in machine-to-machine communication used to monitor industrial equipment, potentially allowing attackers to inject malicious traffic into electrical substations or railway signaling systems.
Wouter Bokslag, co-founder of Midnight Blue, told Information Security Media Group that a large number of TETRA radios are still susceptible to the brute forcing, since upgrading radios with end-to-end encryption isn’t always commercially viable.
“TETRA is used in a professional context where the same company provides radio transmitter and receiver technologies, so generally there is no need for end-to-end encryption,” he said. Unless firms upgrade their radios to the newest suite of TETRA encryption algorithms, end-to-end encryption is the only way to ward off attackers, he added.
Additional significant flaws detected by Midnight Blue include weaknesses in the original TETRA Air Interface Encryption standard. Among them is the method TETRA used to generate the keystream for encrypting communications. Researchers found AIE used publicly broadcast time stamps to derive the keystream. An attacker that injected a false time stamp into the network could intercept communications encrypted with any of the TETRA encryption algorithms, including those rated for law enforcement, the researchers said.
The same attack could be used to send rogue messages. A Midnight Blue researcher told Wired that an attacker would need to be within “tens of meters” of a target radio to execute the attack.
ETSI said it is not aware of any active exploitation of the flaws identified by the company.