Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others.
Funny how this came out when there’s been a renewed push for backdoors in cryptography. They all seem to forget that all it’d take for an adversary to get in is for them to find the backdoor… Sadly this kind of thing is pretty common in the radio sphere - the “basic” encryption (better called ‘privacy code’) on DMR radios is often one of 16 or 256 different codes, and the next step up is 40-bit ARCFOUR. For AES, you have to pay through the nose for software licences, and most users won’t or can’t bear the costs. The only good news is the higher-tier algorithms like TEA2/TEA3 weren’t vulnerable - and they’re more likely the ones in use by emergency services.
@cosmo @stefenauris @bersl2 agree except that TEA2/3 weren’t vulnerable *in this particular study*. ETSI/TCCA are (foolishly, I think) sticking to their guns on the algorithms being tightly controlled. Without proper, widespread academic scrutiny there is little confidence that they are *actually* secure.
@cosmo @stefenauris @bersl2 I like how the researchers in their release squarely blame the TEA1 issues on failure to adhere to Kerckhoffs’s principle; but ETSI in their response completely fail to address that and adopt a “this is fine” stance.
