Trunked radio systems can be difficult to wrap one’s mind around, and that’s partially by design. They’re typically used by organizations like police, firefighters, and EMS to share a limited radio frequency band with a much larger number of users than would otherwise be able to operate. From a security standpoint, trunking also limits the effectiveness of scanners that don’t know the control methods the trunked system is using. But a global standard for encrypted trunked radio systems, known as TETRA, has now been found to have major security vulnerabilities, which could result in a lot more headache than disrupted voice communications.
One of the vulnerabilities in this radio system was a known backdoor, which seems to have been protected largely via a “security through obscurity” method. Since the system has been around for about 25 years now, it was only a matter of time before this became public knowledge. The backdoor could allow non-authorized users to snoop on encrypted radio traffic. A second serious vulnerability, unrelated to this backdoor, would further allow listening to encrypted voice traffic. There are a few other minor vulnerabilities recently uncovered by the same security researchers who found these two major ones, and the current recommendation is for anyone using a TETRA system to take a look to see if they are impacted by any of these issues.
Part of the reason this issue is so concerning is that these systems aren’t just used for encrypted voice among first responders. They are also used for critical infrastructure like power grids, rail networks, and other systems controlled by SCADA. This article from Wired goes into much more detail about this vulnerability as well, and we all know that most of our infrastructure is already in significant need of help when it comes to vulnerabilities and all kinds of failure modes.
Thanks to [cfacer] and [ToniSoft] who sent these tips!
Photo via Wikimedia Commons.
Wired link requires 12ft:
https://12ft.io/proxy?&q=https%3A%2F%2Fwww.wired.com%2Fstory%2Ftetra-radio-encryption-backdoor
When they first approached us with “Hey, you need Tetra on your boat, because all harbors will use it and it is more secure, and think of the future and all”, I thought to myself, what do I talk that is of any value to anyone other than some folks on my boat or those handling some locks…
But as the world rotates more, of course we got it. I’m not sure if there was ever a reasonable use. Crew still uses their old talkies, because if you drop them down into the pump sump it is $100 and not an arm and a leg.
That said, mean written, after looking into Tetra and its security I thought to myself: well, that sure is only secure because it is a.) overly complicated, b.) devices are hell expensive and c.) all knowledgeable people need some time to set up gear until they can start fiddling around, and then need some more time to poke into the holes.
/me is waiting for Baofeng doing Tetra. :-)
The rad1o badge (hacker compatible) has a Tetra button. Time to try it out…
“European” is an over-simplification. Tetra is in use worldwide, including in some places in the United States. There are 4 encryption methods TEA1 to TEA4, only TEA1 has been shown to have this vulnerability and that seems like it isn’t used within Europe.
TETRA uses one of five options when it comes to encryption:
TEA1 – is for commercial use and is primarily used by critical infrastructure around the world. But it’s also used by some police and military agencies outside of Europe.
TEA2 – considered a more secure algorithm, is designed for use only in radios and walkie-talkies sold to police, military, intelligence agencies and emergency personnel in Europe. (export is restricted to the 42 countries covered by the Wassenaar Arrangement)
TEA3 – essentially the export version of TEA2 which is for use outside of Europe by the same kinds of entities that use radios with TEA2. (export is restricted to the 42 countries covered by the Wassenaar Arrangement)
TEA4 – also for commercial use but is hardly used, the researchers say. (e.g. Iran)
Encryption is not enabled.
Looking at the above I would be very surprised if TEA1 was not used within the EU.
ref: https://en.wikipedia.org/wiki/Wassenaar_Arrangement#Membership
I laughed when I read the solution “To address the issues, ETSI created three additional algorithms to replace the previous ones. They are called TEA5, TEA6, and TEA7. But these also are secret, which means no outside experts have examined them to determine if they are secure.” – https://zetter.substack.com/p/interview-with-the-etsi-standards
It’s a *headline*, of course it’s simplified!
And the backdoor in TEA1 is only one of *multiple* vulnerabilities discovered by this team.
They saw something strange in an S-box but that wasn’t in TEA1 and another researcher says that likely wasn’t exploitable.
The other issues they found weren’t passive so far more likely an attacker would be caught.
Here in good old Germany the policemen, firefighters etc are generally happy to still have their analogue walkie-talkies and analogue repeaters. They keep the old stuff stored in boxes, in case of emergency, even after its decommission. More than often, the digital stuff has proven itself to just doesn’t cut it. In a tunnel, the connection to their partners cut off, because everything must work via the central/base. Even if they’re less than 20m away from each others, there’s no digital radio contact. What a nonsense. I guess it doesn’t help that these fancy digital base stations are secretly being hidden somewhere in the lower regions of a city (hello flood!), while the analogue repeaters are located on high buildings and mountains, thus covering a large area. The whole centralized “cellular” design is a fail. Two-way radios are no cell phones. They must still work independently of a base station/repeater, too. With the old analogue radios, the users could switch channels as needed.
TETRA does have direct handset-to-handset operation mode called Direct Mode, or DMO for short.
So you can use them without infrastructure and people do so. It just has to have that programmed to a channel and the user needs to know about it.
Same thing as with analog radios.
The direct channel needs to be programmed in for the user to be able to use it like that.
Some very old single repeater or trunked analog radios were physically incapable of using the same channel for transmit or receive.
So it really does depend on the radios used and programming.
A well-designed system should not need extra steps & user intervention/knowledge, especially one used in emergencies – the call should always get through if it can.
I worked on TETRA many moons ago and even then it felt like a very over-engineered and clunky system trying to be too clever.
That’s why you program DMO on a specified channel before you hand it out to users.
It seems that you never worked in planning of radio systems…. And the police in Germany don’t use analog anymore!
I think you should learn about how they plan a 4 m simulcast (Gleichwelle) network….
And DMO works for more than 20 m ;) I know it because I work with this at work.
So please stop posting this kind of bullshit. Thank you
“the current recommendation is for anyone using a TETRA system to take a look to see if they are impacted by any of these issues.”
When I was a kid about half of all grandmothers and some other adults had police scanners going 24×7 and they knew what was going on around town before anyone else did. That world still functioned and I never heard of anything bad coming of it. How about just leaving it alone?
“They also are used for critical infrastructure like power grids, rail networks, and other systems controlled by SCADA.”
Awww shit. Seriously?
Hmmm, totally missed the word European in there.
Well, my comment about the past was the past in the US, I have no idea about Europe. But.. I can tell you it didn’t cause a problem over here.
Most US police depts still use some sort of trunking system, usually UHF. The Virginia State Police implemented a VHF trunking system, but I have no idea beyond that detail. I worked with them in the 90s, right when we implemented a digital microwave backbone. But the rest of the system was firmly analog.
Anecdotes are not anecdata. I’d like to see Moto and Kenwood’s sales numbers before I said “usually” anything. I know for a fact I’ve never seen a PD with UHF in my state, everyone is either VHF or “700” MHz.
700MHz is UHF. 30-300MHz is VHF, 300-3000MHz is UHF.
Usually those are Motorola public safety radios in 600/700/800MHz, likely using P25.
Bad news – if your infrastructure isn’t using TETRA they’re only using something else that’s likely even worse.
It’s always the case of “mostly nothing will happen”. Until you get a psycho using a scanner to target police officers and first responders.
Either way, security through obscurity is a joke – if the algorithm is secret you can be sure it has backdoors.
Was that ever an actual problem or just a paranoid persons justification for making things overcomplicated and more expensive?
When I lived in another city they had 2 tactical channels set aside. They were not encrypted. You could hear them doing drug busts/stakeouts etc. They would also broadcast what the vice squad was doing as well. It got pretty interesting on the weekends.
Where I live, the police use encrypted radios because they don’t want the drug dealers to know when they’re about to get raided.
The other emergency services use unencrypted digital trunked radio (APCO25) and you can still easily buy scanners to listen in. There are even websites that live stream.
The vulnerability only affects systems which use TEA1.
The discovery was reported to all vendors some time ago and, in many cases, the vulnerability has been patched.
Customers who are concerned about this should speak to their vendor.
TETRA has things like DMO which can provide short distance (~5km) communications, point-to-point or back into the system if DMO gateway is used.
See also https://www.etsi.org/newsroom/news/2260-etsi-and-tcca-statement-to-tetra-security-algorithms-research-findings-publication-on-24-july-2023
What about the four *other* vulnerabilities? TEA1 was not the only thing they broke.
The other critical vulnerability applies to all four of the current encryption algorithms TEA1/2/3/4 and allows decryption oracle attacks.
If only they released any details on *other* vulnerabilities, people who know TETRA could probably respond.
The largest fallacy is to assume that privacy on radio communications is possible at all. Radio transmissions by their very nature are public over a vast area. Someone is always listening in.
Yup. Some may think people should have learned from WW2 and the Enigma. 😔
The more you complicate the plumbing the easier it is to stop up the drain. –Montgomery Scott
If a public service agency (police fire etc.) doesn’t want the public listening in, there’s something going on.
The majority of people with scanners just like to listen. As for myself, if I hear sirens, I turn the scanner on to figure out what’s going on. Of course there are those who will use a scanner in the commission of a crime, or show up at every call. There are cases where this has happened. I got my first crystal controlled scanner as a kid. 4 channel Radio Shack job. You could walk into any Radio Shack and they’d have a list of frequencies for the local area that they would give you if you asked. Back in NJ, Union City was 460.4250, West New York was 470.3625 and 470.3125. Guttenberg and Hoboken shared a 155 MHz frequency while North Bergen had a single 800 MHz frequency. From a technical standpoint, I can understand the need for a trunked system. However, that system can go into a failsafe mode. During the Nisqually Earthquake, that’s exactly what happened. The system became overloaded. I haven’t looked lately but if I remember correctly, Union City went to a trunked system. It’s good for inter-agency interoperability, but it seems the analog stuff is more reliable. Nowadays I have a Uniden BC396 handheld. Older model, but still works.
I don’t think it was the general public that they were worried about. You already acknowledged that some used scanners in the commission of crimes, I’d assume that we want some encryption when a SWAT team is rescuing hostages, but yeah, how often does that occur?
By the way, my dad had a crystal scanner that we’d listen to fire calls on, back in the late 70s. I now have an old Bearcat, but its only use is monitoring the local NWS station.
The problem with this approach is that it’s always the good guys who’re suffering due to this concept. It’s like with digital rights management (DRM). The pirates don’t care, but the honest buyers/customers are being neglected.
In case of police, firefighters, ambulances etc. it just causes annoyance. In a real emergency, the good guys may also use their private property – like FM scanners or car radios (in my place, VHF police radio was below broadcast band; The upper end at ~87 MHz still was receivable with an unmodified car radio). So making things encrypted does/did lock out the good guys, too.
Also, there’s something else. Encryption attracts hackers and crackers, it always did.
Making something encrypted causes unnecessary attention.
Someone may wonder why those smart guys working on such standards have no psychologists on board.
By all that professionalism, I mean, the most profane things are seemingly ignored. Tst. 🙄
> They also are used for critical infrastructure like power grids, rail networks, and other systems controlled by SCADA.
But why do people assume that those use encrypted communications? It’s not mandatory. It costs money. Back in the day when some systems migrated to TETRA, the lack of off-the-shelf radio scanners capable of decoding TETRA could be a “good enough” countermeasure.
> This article from Wired goes into much more detail about this vulnerability as well (…)
Well, yes, but no. Midnight Blue say they will release details on August 9th. Some parts of the article sound like a bad output of ChatGPT. You want details on the TEA1 vulnerability (CVE-2022-24402)? This is as good as it gets:
> But TEA1 has a feature that reduces its key to just 32 bits—less than half the key’s length.
That’s it. The rest is just a filler.
The description of the second vulnerability (CVE-2022-24401) sounds nothing like the video posted by Midnight Blue. Some nonsense about both radio and infrastructure generating the same keystream, then another radio generating it for different timestamp and the attacker recovering it somehow to be able to inject rogue messages? Come on! The video shows that it takes 12 minutes of repeatedly sending something to the radio to recover the keystream. Maybe the Wired author meant the other vulnerability related to lack of ciphertext authentication (CVE-2022-24404)?
Oh, and let’s not forget that TETRA can be used with end-to-end encryption. Radios can have smart card slots for user-provided security modules. At least Germany mandates it, but I have no idea if all agencies use it or just the military and intelligence.
[Disclaimer: I spent a couple of years working with TETRA radios, so I may be a bit biased.]
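The two receiver-side properties this comment touches on, a tag that authenticates the ciphertext and a frame counter that is never reused, can be shown in a few lines. The following is an added example and not code from the article, from Midnight Blue, or from any TETRA implementation: the keystream generator (SHA-256 in counter mode), the key derivation, the 16-byte tag and the frame counter are all assumed stand-ins for the secret TEA algorithms and the real air-interface framing. It shows that an unauthenticated XOR-keystream frame can be altered in transit and still decrypt to a plausible message, and that an encrypt-then-MAC tag plus a counter check lets the receiver reject both the altered frame and a replay.

```python
import hashlib
import hmac

# Added example, NOT TETRA's real cipher: a toy XOR stream cipher with a
# per-frame counter, first without and then with a ciphertext authentication
# tag, to show why a missing tag lets altered frames be accepted silently.

TAG_LEN = 16  # bytes of HMAC-SHA256 kept as the frame tag (assumed size)


def subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one shared key (assumed KDF)."""
    return (hashlib.sha256(b"enc|" + key).digest(),
            hashlib.sha256(b"mac|" + key).digest())


def keystream(enc_key: bytes, frame_counter: int, length: int) -> bytes:
    """Hypothetical keystream generator: SHA-256 in counter mode over
    (key, frame counter, block index). Stands in for the secret TEA1-4."""
    out, block = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + frame_counter.to_bytes(8, "big")
                              + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_unauthenticated(key: bytes, ctr: int, plaintext: bytes) -> bytes:
    enc_key, _ = subkeys(key)
    return xor_bytes(plaintext, keystream(enc_key, ctr, len(plaintext)))


def decrypt_unauthenticated(key: bytes, ctr: int, ciphertext: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return encrypt_unauthenticated(key, ctr, ciphertext)


def encrypt_authenticated(key: bytes, ctr: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the frame counter and the ciphertext."""
    enc_key, mac_key = subkeys(key)
    ct = xor_bytes(plaintext, keystream(enc_key, ctr, len(plaintext)))
    tag = hmac.new(mac_key, ctr.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag[:TAG_LEN]


def modify_frame(frame: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Simulate an on-air change to a frame whose plaintext at `offset` is
    known to be `old`: XORing (old ^ new) into the ciphertext turns the
    decrypted bytes into `new`. Used here only to exercise the receiver check."""
    out = bytearray(frame)
    for i, d in enumerate(xor_bytes(old, new)):
        out[offset + i] ^= d
    return bytes(out)


class Receiver:
    """Verifies the tag and refuses any frame counter it has already accepted,
    so the keystream for a given counter is never used twice."""

    def __init__(self, key: bytes):
        self.enc_key, self.mac_key = subkeys(key)
        self.seen = set()

    def accept(self, ctr: int, frame: bytes):
        if len(frame) < TAG_LEN or ctr in self.seen:
            return None  # truncated frame, or counter reuse / replay
        ct, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.mac_key, ctr.to_bytes(8, "big") + ct,
                            hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # modified in transit
        self.seen.add(ctr)
        return xor_bytes(ct, keystream(self.enc_key, ctr, len(ct)))


def demo():
    key = b"\x01" * 16                       # constructed demo key
    ctr = 42                                 # constructed frame counter
    msg = b"UNIT 7: PROCEED TO GATE 3"       # constructed message
    off = msg.rindex(b"3")                   # byte we will alter
    # 1. No tag: the altered frame decrypts to a different, plausible order.
    ct = modify_frame(encrypt_unauthenticated(key, ctr, msg), off, b"3", b"9")
    altered = decrypt_unauthenticated(key, ctr, ct)
    # 2. With a tag: genuine frame accepted, altered frame and replay rejected.
    rx = Receiver(key)
    frame = encrypt_authenticated(key, ctr, msg)
    genuine = rx.accept(ctr, frame)
    bad = modify_frame(encrypt_authenticated(key, ctr + 1, msg), off, b"3", b"9")
    tampered = rx.accept(ctr + 1, bad)
    replay = rx.accept(ctr, frame)
    return altered, genuine, tampered, replay


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns the altered plaintext `b"UNIT 7: PROCEED TO GATE 9"` for the unauthenticated case, the original message for the genuine tagged frame, and `None` for both the tampered frame and the replayed counter. Keeping the counter inside the MAC input is what makes a frame captured under one counter useless under another; the separate `seen` set is what stops the same keystream from ever being accepted twice.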
If that’s really a planted backdoor, then the most likely explanation could be “5 Eyes”.
In any case, it’s just another case of security through obscurity doing its job at failing miserably.
It was broken by design, I’m 100% sure of that. The intelligence community were involved in designing the weakened encryption algorithm, they were probably seeded through shell companies into the ETSI (European Telecommunications Standards Institute) committee designing TETRA.
One only has to look at how the problem is being fixed with three new encryption algorithms (TEA5, TEA6, TEA7) which will also be kept secret, and not accessible to outside experts who could examine them to determine if they are actually secure.
But to be fair part of the secrecy is so that ETSI get NDAs signed and after payment hand out documentation to TETRA vendors who want to implement the new encryption algorithms.
TEA1 is from the same era and standardization organisation as GSM A5/2.
And had the same reasons too.
Public safety shouldn’t be allowed to use encrypted except in rare circumstances. Otherwise it just promotes more tyranny from the government.
so you are happy for the neighbours to hear the message dispatching cops to your house because you are fighting with your wife again, and all the info that goes along with that? your child is on the at risk register and there are 15 prior calls to that address.
If they are your neighbours then they very likely are the ones calling the police, so they know… boy do they know.
I would also say that monocultures in the world are the major problem. Greater diversity (polyculture systems) with all systems would help make the cost to the intelligence community prohibitive.
Imagine a world where two or more people communicating privately have the option to select from a list of thousands of encryption algorithms with full authentication, authorization, accounting. Ideally with the option to double or triple encrypt the data being transmitted with multiple encryption algorithms. Or even the ability to change the encryption algorithms used on every data packet transmitted.
One major problem with central standards organisations is that they always produce monocultures which ultimately reduce costs for all intelligence communities around the world.
oops posted to wrong post.