Day: July 26, 2023

Serious Vulnerability In European Trunked Radio System

July 26, 2023 by 40 Comments

Trunked radio systems can be difficult to wrap one’s mind around, and that’s partially by design. They’re typically used by organizations like police, firefighters, and EMS to share a limited radio frequency band with a much larger number of users than would otherwise be able to operate. From a security standpoint, it also limits the effectiveness of scanners who might not know the control methods the trunked systems are using. But now a global standard for encrypted trunked radio systems, known as TETRA, has recently been found to have major security vulnerabilities, which could result in a lot more headache than disrupted voice communications.

One of the vulnerabilities in this radio system was a known backdoor, which seems to have been protected largely via a “security through obscurity” method. Since the system has been around for about 25 years now, it was only a matter of time before this became public knowledge. The backdoor could allow non-authorized users to snoop on encrypted radio traffic. A second serious vulnerability, unrelated to this backdoor, would further allow listening to encrypted voice traffic. There are a few other minor vulnerabilities recently uncovered by the same security researchers who found these two major ones, and the current recommendation is for anyone using a TETRA system to take a look to see if they are impacted by any of these issues.

Part of the reason this issue is so concerning is that these systems aren’t just used for encrypted voice among first responders. They also are used for critical infrastructure like power grids, rail networks, and other systems controlled by SCADA. This article from Wired goes into much more detail about this vulnerability as well, and we all know that most of our infrastructure already needs significant help when it comes to vulnerabilities to all kinds of failure modes.

Thanks to [cfacer] and [ToniSoft] who sent these tips!

Photo via Wikimedia Commons.

Where Old Files Go To Die

July 26, 2023 by 30 Comments

We all lead digital lives, and we work in and on files of one sort or another. And sometimes we get attached to them. That long manifesto you poured your heart into, but nonetheless probably shouldn’t see the light of day? Love letters from former flames? Your first favorite video game that you can’t play any more, but it just sits there eating up drive space?

These are the files that are important enough that they deserve better than just a drag-and-drop into the trashcan. They deserve to be buried with dignity, and that’s just what [Ulf Schleth]’s /death/null offers us – a digital graveyard where our files no longer exist as they were, but still are allowed to linger in memory.

This is an old project, but one that tickled our funny  and poignant bones in equal parts. The pun on /dev/null probably works just a little better if you read both filepaths with a German accent in your head, but the idea translates anyway.

To use it, you simply upload your file and it gets sent to the great trashcan in the sky, but along the way a 4 x 5 matrix of colored blocks is created that represents the file, and it is registered forever in the graveyard, where you can check up on it any time you like. Of course you can’t read it – only 20 RGB triples remain – but you have the digital “gravestone” as commemoration.

Even if you don’t have any loved ones in [Ulf]’s graveyard, you can walk by and see which files others have chosen to remember. Swing on by and pay your respects to notepad.exe.