The encrypted radios used by law enforcement, military, and critical infrastructure organizations around the world may harbor a deliberate backdoor that enables unauthorized access to sensitive information, according to the latest findings by cybersecurity researchers.
Security lapse: a systemic vulnerability
The research team found numerous vulnerabilities in the Terrestrial Trunked Radio (TETRA) standard, which is globally implemented in radios. These vulnerabilities span from issues in the basic encryption to those that permit the decryption of communication traffic.
The body responsible for maintaining the standard rejected the researchers’ description of the finding as a backdoor. It said the standard was designed so that export controls determine the encryption strength. The end result, however, is radios whose traffic can be decrypted within minutes using standard consumer hardware such as a regular laptop.
The chilling discovery: an intentional backdoor?
Jos Wetzels, a member of the research team from cybersecurity firm Midnight Blue, contended that this feature could only serve as an intentional backdoor. The vulnerabilities identified could allow historical decryption of communications and deanonymization across TETRA. This implies a potential threat to users, including Europe’s national police forces and emergency services, African military organizations, and North American train operators, among others.
TETRA: a dated system with potential weaknesses
First introduced by the European Telecommunications Standards Institute (ETSI) in 1995, TETRA has since been used in products such as radios marketed by companies like Motorola and Airbus. Given its closed-source nature and reliance on “secret, proprietary cryptography,” it has been challenging for outside experts to verify its security.
Potential vulnerability in military radios: the disconcerting ‘backdoor’
The researchers spotted what they described as a backdoor in the specific encryption algorithm called TEA1. They found a “secret reduction step” that dramatically lowers the initial key’s entropy, thus enabling any attacker who followed this step to decrypt intercepted traffic using consumer-level hardware and a software-defined radio dongle. In an alarming revelation, this backdoor could potentially compromise the encrypted communications of military radios that utilize the TEA1 encryption algorithm.
Although not all TETRA radio users employ the TEA1 algorithm, TETRA’s long lifespan means there may have been opportunities for exploitation if another party was aware of this issue.
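The effect of a hidden key reduction step can be shown with an added illustration, which is not code from the researchers or from the TETRA standard. It uses a toy cipher constructed here (not TEA1), with hypothetical helpers `reduce_key`, `keystream` and `estimate_effective_bits`, and an assumed 16-bit reduced state chosen only so the check runs in seconds. The audit treats the cipher as a black box and estimates its effective key size from how often different 80-bit keys yield the same keystream.

```python
import hashlib
import math
import random
from collections import Counter

KEY_BITS = 80        # nominal key length advertised to the user
REDUCED_BITS = 16    # constructed toy value, small so the audit runs quickly

def reduce_key(key: bytes, bits: int) -> bytes:
    """Hypothetical reduction step: squeeze the key into `bits` bits of state."""
    digest = int.from_bytes(hashlib.sha256(b"reduce" + key).digest(), "big")
    state = digest >> (256 - bits)
    return state.to_bytes((bits + 7) // 8, "big")

def keystream(key: bytes, frame: int, reduced_bits=None, n: int = 8) -> bytes:
    """Toy keystream generator; only the (possibly reduced) state feeds it."""
    state = key if reduced_bits is None else reduce_key(key, reduced_bits)
    return hashlib.sha256(state + frame.to_bytes(4, "big")).digest()[:n]

def estimate_effective_bits(reduced_bits, samples: int = 4000, seed: int = 1):
    """Black-box audit: count colliding keystreams across random keys.

    With an effective keyspace of 2^b, the expected number of colliding
    pairs among the sampled keys is pairs / 2^b, so b ~ log2(pairs / collisions).
    Returns None when no collision is seen (no reduction detectable).
    """
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    seen = Counter(
        keystream(rng.getrandbits(KEY_BITS).to_bytes(KEY_BITS // 8, "big"),
                  0, reduced_bits)
        for _ in range(samples)
    )
    collisions = sum(c * (c - 1) // 2 for c in seen.values())
    if collisions == 0:
        return None
    pairs = samples * (samples - 1) // 2
    return math.log2(pairs / collisions)

if __name__ == "__main__":
    print("full-strength cipher:", estimate_effective_bits(None))
    print("with reduction step: %.1f bits" % estimate_effective_bits(REDUCED_BITS))
```

Collisions only show up once the number of sampled keys approaches the square root of the effective keyspace, so a larger reduced state needs proportionally more samples before the audit reports anything.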
Addressing the issue: Steps towards a solution
In response to the findings, several radio manufacturers have developed firmware updates for their products. For TEA1, however, the researchers recommend users shift to another TEA cipher or apply additional end-to-end encryption to their communications.
| Party | Role | Response |
|---|---|---|
| European Telecommunications Standards Institute (ETSI) | Organization that standardized TETRA | Welcomes research efforts to strengthen the security of the standard and disputes the term “backdoor” |
| Midnight Blue | Cybersecurity firm that discovered the backdoor | Insists the key reduction step is not publicly advertised and appears to be an intentional backdoor |
| Manufacturers of TETRA radios | Produce and sell TETRA radios | Have developed firmware updates for their products in response to the research findings |