Researchers Find 'Backdoor' in Encrypted Police and Military Radios (vice.com) 105
A group of cybersecurity researchers has uncovered what they believe is an intentional backdoor in encrypted radios used by police, military, and critical infrastructure entities around the world. The backdoor may have existed for decades, potentially exposing a wealth of sensitive information transmitted across them, according to the researchers. From a report: While the researchers frame their discovery as a backdoor, the organization responsible for maintaining the standard pushes back against that specific term, and says the standard was designed for export controls which determine the strength of encryption. The end result, however, are radios with traffic that can be decrypted using consumer hardware like an ordinary laptop in under a minute. "There's no other way in which this can function than that this is an intentional backdoor," Jos Wetzels, one of the researchers from cybersecurity firm Midnight Blue, told Motherboard in a phone call.
The research is the first public and in-depth analysis of the TErrestrial Trunked RAdio (TETRA) standard in the more than 20 years the standard has existed. Not all users of TETRA-powered radios use the specific encryption algorithim called TEA1 which is impacted by the backdoor. TEA1 is part of the TETRA standard approved for export to other countries. But the researchers also found other, multiple vulnerabilities across TETRA that could allow historical decryption of communications and deanonymization. TETRA-radio users in general include national police forces and emergency services in Europe; military organizations in Africa; and train operators in North America and critical infrastructure providers elsewhere.
The research is the first public and in-depth analysis of the TErrestrial Trunked RAdio (TETRA) standard in the more than 20 years the standard has existed. Not all users of TETRA-powered radios use the specific encryption algorithim called TEA1 which is impacted by the backdoor. TEA1 is part of the TETRA standard approved for export to other countries. But the researchers also found other, multiple vulnerabilities across TETRA that could allow historical decryption of communications and deanonymization. TETRA-radio users in general include national police forces and emergency services in Europe; military organizations in Africa; and train operators in North America and critical infrastructure providers elsewhere.
from the closer-look dept (Score:1)
Apparently not a very close look, considering there is no link to the Fine Article.
Re:from the closer-look dept (Score:5, Informative)
Link is after the title (vice.com [vice.com])
Re: from the closer-look dept (Score:1)
Re: from the closer-look dept (Score:2)
That doesn't exist on the mobile site.
Re: from the closer-look dept (Score:1)
Re: (Score:2)
That page is designed wholly with mobile in mind.
Big ass pseudo tool bar at the top, very narrow text, the links to other articles giant boxes with pictures. This was designed to be smudged.
Re: from the closer-look dept (Score:5, Funny)
Re: from the closer-look dept (Score:2)
Re: from the closer-look dept (Score:1)
Arrogance is obligatory.
Think of the children (Score:4, Funny)
Now we need to get this time tested backdoor into current end to end encryption platforms. /s
This backdoor is to protect the children! (Score:5, Funny)
After all, pedofiles can also be police, firefighters and military.
Without this backdoor, they can use their encripted equipment to coodinate their pedofile activities, so this backdoor is aligned with the new laws that some countries wnat to pass on end to end encrypted apps.
Glad to see that, for once, the govt is leading by example /s
Re: (Score:2)
IT History 101: Systems with back-doors end up taking it in the back-door.
Re: (Score:2)
Without this backdoor
they just use the next one?
(sorry, didn't bother with the article, my comment might be singularity level of off-topic)
Re: (Score:3)
<in best Nelson Muntz voice:> (Score:4, Insightful)
"HA HA!"
They keep wanting access to everyone else's communications, I wonder how the shoe feels now that it's on the other foot.
Re: (Score:2)
Watchers are watched by the next level of watchers. It's watchers all the way up to NSA.
Re: (Score:2)
Re:So, police radio encryption may be compromised? (Score:4, Insightful)
I'll remember this comment the next 72 times I hear about "woke corporation" horseshit culture war nonsense being spewed from the would-be autocrats topping the GOP polls.
I'll stick with democracy thank you very much, because then we still have the option of tossing the dipshits out at the ballot box.
Re: (Score:2)
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
we still have the option of tossing the dipshits out at the ballot box.
Too bad this is option is never used.
Re:So, police radio encryption may be compromised? (Score:5, Informative)
I'd rather we have it and possibly not use it, than not have it at all.
And, for the record, it was used pretty well in 2020.
Re: (Score:2)
Electing someone that isn't looking to "suspend the Constitution" or rip out the bowels of government in order to fill it with "loyal" sycophants that are unconcerned with the law means democracy survives another 4 years, allowing us a future chance to pick someone better.
And for a guy who's so unqualified, he's still managed to get a bunch of crap done including swerving around a debt default in the face of a Republican-controlled House filled with clowns that are more concerned with witch hunt hearings in
Ah, so the Russians... (Score:3, Informative)
Re: (Score:1)
Re: (Score:2)
Really? A lot of the world is using GSM-R now, which is encrypted.
Re: (Score:2)
Maybe the Russians, or maybe not, but they sure could have some fun with this, especially if they deepfake some voices.
My thinking is that they setup a base of operations somewhere in a big city. They wait for normal police chatter to go on, then deepfake a senior officer saying "all units go to number 1 Fake Street". All units go to there, meanwhile they do whatever it is they want to do on the other side of town. The sound of someone's voice is about all the authentication that can really be used on an op
Export controls (Score:5, Interesting)
> the standard was designed for export controls which determine the strength of encryption.
So, yes, the standard was backdoored. Its no secret these crypto standards were set so that TLAs could decrypt them. Case in point: DES. We're still waiting on some elliptic curves, those in NIST are reportedly smelly...
If this comes back to bite states in the backside, I'll consider this the comedy of the year.
Re:Export controls (Score:5, Insightful)
Those are just the headline problems everyone knows about.
If you dig into the specs you will find much more.
Try the DFs (Derivation Functions) in SP800-90A. Just take a look and consider whether those constructions look a bit suspect.
Re: (Score:1)
Re: (Score:2)
Re: (Score:3)
> The export controls limit the strength of encryption tech that can be sold to other nations.
And why would you want to limit "arbitrarily" the strength of encryption, unless it is to some non-arbitrary limit that you know you can break if need be. That's a backdoor.
gosh darn (Score:2)
Well, well, well. Now who would want to see vulnerability in law enforcement networks around the world. Gosh.
Hey, has anyone seen my lost bag of coke? That stuff is sure expensive, somebody must be making a lot of money from it.
Re: (Score:1)
lol the amount of coke consumed by Americans must be astronomical. Surprised you don't find bags of it lying around more often. Replaced by meth I guess.
But... (Score:3)
My government tells me that encryption backdoors are good and necessary.
Which is it?
Re: (Score:1)
They sure seem to love it. They put that shit on everything, even themselves.
Re:But... (Score:4, Informative)
Good for thee but not for me.
Re: (Score:2)
They're only good if the Enemy is using the backdoored algorithm.
We have always been at war with Eastasia.
Export Grade Encryption (Score:5, Informative)
I wonder if the editors know that the way they're linking the article just doesn't show up in mobile? Good thing I read it a little while ago.
The issue is someone took the serious effort to export data out of the secure enclave of the radios. The encryption algorithms are decades old, and from the time when you needed a license to export anything greater than 40 bits. The back door they're talking about is being able to trigger the use of export grade encryption, dropping down the complexity to only 32 bits. Back in the 90s they thought this was good enough. But these things are still in use today and the algorithms were closed source and kept secret. Now that someone has been able to look at them, they discovered issues that can't easily be fixed.
There are a total of four algorithms, and the one with the back door for export grade encryption is the one for commercial use. The one used for emergency services, including police, has some funniest stuff in the S-box functions that raise all sorts of red flags.
Encrypted link? Veeery clever, /. (Score:1)
> I wonder if the editors know that the way they're linking the article just doesn't show up in mobile?
I don't see it on a desktop either. Here's a related article from Wired [wired.com]
Re: (Score:2)
The one used for emergency services, including police, has some funniest stuff in the S-box functions that raise all sorts of red flags.
That sounds like that'd be interesting to read up on. Know of any layman-friendly discussion of the subject?
Re: (Score:2)
No. :-)
Cryptography Engineering by Ferguson, Schneier, and Kohno discusses them a bit in the section on DES, as well as their use in the AES and Twofish cyphers. Schneier's Applied Cryptography goes into the implementation in DES in more detail (2-pages).
An S-Box is a substitution box that provide nonlinearity. It is basically just a lookup table that is publicly known. Without them, a cipher can be written as a bunch of binary additions, which would make it easy for a mathematical attack using linear algeb
Re: (Score:2)
Re: (Score:2)
This is the quote from the Wired article [wired.com]:
They thought they found something suspicious in a substitution box, or S-box, used in the algorithm, which contains a bad property they say would "never appear in serious cryptography." The researchers didn't have sufficient skill to examine it to determine if it was exploitable. But Leander's[1] team did examine it and he says it's not.
"In many ciphers if you used such a box it would break the cipher very badly," he says. "But the way it's used in TEA3, we couldn't see that this is exploitable." This doesnâ(TM)t mean someone else might not find something in it he says, but he'd "be very surprised if it leads to an attack that's practical."
That just makes me want to dig. :-) They're giving a talk at Black Hat [blackhat.com] on August 9th.
[1] - Gregor Leander, a professor of computer science and cryptographer with a security research team known as CASA at Ruhr University Bochum in Germany.
HackRF (Score:2)
I wonder how this happened (Score:3)
It's not a bug, it's a feature! And if I wanted to bet on how this "feature" got so thoroughly entrenched in the cybersecurity universe, my money would be on one of those Israeli companies that seem to have a finger in every security pie in the so-called "free world".
god damn it (Score:1)
Re: (Score:2)
They held onto this for 18 months so that all the stupid agencies could change their practices. They should have released the information with full exploits immediately.
Agreed.
Re: (Score:2)
They held onto this for 18 months so that all the stupid agencies could change their practices.
18 months is nowhere near enough time for them to replace that amount of equipment, and most would need to be replaced. My better half worked as a civilian crime analyst for a local PC for about 10 years and I was frequently shocked at the specs of the equipment they were expected to use. Equipment so old that I would have long ago scrapped it as it was beyond even flogging on eBay. Not to mention, completely worn out.
In these times of "Defund the police" they will never get the funding for a project thi
Re: (Score:3)
They held onto this for 18 months so that all the stupid agencies could change their practices. They should have released the information with full exploits immediately.
If they'd done that, they'd have been branded black hats or terrorists, and wouldn't be around to bring you more discoveries over the next several years.
Re: (Score:2)
They should have released the information with full exploits immediately.
Then aforementioned 'dumb agencies' would retaliate against them, and they'd have racked up millions in legal fees if they wanted to defend the criminal lawsuits.
what matters is not that it is there, BUT... (Score:3)
Re: (Score:2)
_NSA_KEY
Re: (Score:2)
An0m phone (Score:2)
Oh god, this is the An0m phone story again, but with the roles reversed.
The An0m phone was supposedly a secret encrypted criminal communications network just for insiders who could get their hands on the special phone. You entered a particular sequence of button presses into the Calculator app to launch the secret messaging tool. Meanwhile, the FBI got a copy of everything actually sent on the network.
Now we have law enforcement that's supposed to get all this special secure gear just for their own use, b
It's an ETSI spec. So you know it has a back door. (Score:5, Informative)
One time on one of my occasional visits to etsi, a guy from SAGE (the ones who produce the back doored crypto for all the etsi specs) presented the "AES base protocol" proposal that was asked for by 3GPP.
I shit you not, the ICV was 16 bits.
After the meeting, I caught the guy outside and asked why it was 16 bits and his response was a Gallic shrug and "Zat eez what zey asked for".
So the fix was in and GSM was doomed to remain insecure.
Re: (Score:3)
At this point, every encryption standard that had American, Canadian, European, or Australian contributors should be either very suspect, or completely untrusted.
I'm starting to doubt AES after some of this news.
Re: (Score:2)
Encryption (Score:5, Interesting)
Re: (Score:1)
You found one of the rare good ones.
More common among Sheriffs than Poloc
Still rare.
Blackhat (Score:2)
Re: (Score:2)
I'm going to DEFCON but frankly can't justify the entry price for Blackhat. Is there some other way to get their presentation? If not, I'm sure I can buy someone who attends both conferences a few beers and he'll tell me about it.
Just be sure you pay for those beers with cash. :)
Re: (Score:2)
Don't use the L word (Score:2)
> The end result, however, are radios with traffic that can be decrypted using consumer hardware like an ordinary laptop in under a minute.
GOP: "That means Hunter probably got into it. Lockim up!"
backdoor equiv of 80-bit browser, w/bad salt (Score:2)
So this is like the 80-bit for export standard, with the initial mozilla browsers that used a trivial seed.
It even says its for export use.
Seems most "users" would have at least upgraded to a 128-bit or higher version, but this standard is ~20 years old. Who still uses an 80-bit encryption with the time/date stamp as a seed?
Re: (Score:3)
>Who still uses an 80-bit encryption with the time/date stamp as a seed?
Police departments blowing their budget on traffic duty OT, body armour, and assault rifles instead of comms.
In fact, plenty of police departments in my region were still completely unencrypted a few years ago (the last time I bothered to check). Some of them had one encrypted channel (not their primary) with everything else in the clear.
Re: backdoor equiv of 80-bit browser, w/bad salt (Score:3)
In fact, plenty of police departments in my region were still completely unencrypted a few years ago (the last time I bothered to check). Some of them had one encrypted channel (not their primary) with everything else in the clear.
Ahm, isn't this how it's supposed to be? I mean... they aren't doing anything illegal there that needs hiding, are they?
Re: (Score:3)
They actually do have a legitimate reason for encrypted comms - it was pretty easy back in the day to break into a home and then listen to the dispatch channel for a police response. The bigger the crime, the more likely a criminal would invest in a scanner to help them evade the police.
Tow companies also use scanners to get to accident scenes before the cops. Sounds like a good thing - getting cars out of the way of traffic - except that it leads to predatory tow companies driving dangerously to get the
Re: backdoor equiv of 80-bit browser, w/bad salt (Score:3)
Every example you cited can - and should - be solved differently.
The burglary part for instance is an example of "don't tip the bad guys off", available in several variations. What it doesn't account for is that that scenario only occurs in few cases (e.g. when the bad guys obviously tripped an alarm, and there ia nobody else around to respond, e.g. neighbors or private security).
I don't think that crucial interests of the public should have to dance around the "limitation of the day" of law enforcement. In
Another Crypto AG? (Score:4, Insightful)
Assume any closed source encryption standard has a backdoor.
I'm not sure ... (Score:2)
[1] Possibly for presidential visits. To comply with Secret Service interoperability requirements.
[2] A balloon.
Midnight blue url (Score:5, Informative)
Why hasn't anyone looked up the guys who discovered this yet? Anyway, here's the link to some actually interesting information [midnightblue.nl] regarding this.
Re: (Score:3)
Why hasn't anyone looked up the guys who discovered this yet? Anyway, here's the link to some actually interesting information [midnightblue.nl] regarding this.
Nice. Thanks!
GNURadio (Score:2)
Not a back door, a front door (Score:2)
I wouldn't call this a back-door. It's more of a front door: the explicit intent of limiting the strength of export-grade encryption was to allow easy decryption. The authorities tried their best to pretend only they would be decrypting things, but math doesn't work that way. So TEA1 ends up in the same bin as single-DES as intended and everybody knows it.
never the purpose (Score:4, Insightful)
The police radios were never designed to be secure: just difficult enough to obscure the communications from interception by the public (including the criminal public). Now it's been a few decades, and your iWatch can break the security. That just means it's time to upgrade the hardware. That the (federal) government had put a backdoor to the (local) government walky-talkies that they insisted everyone use, is that supposed to be a big surprise? To anyone? The manufacturer has admitted it's a feature, not a bug. (Well, there's bugs, too. I mean besides the radios being bugs!)
Well... (Score:1)
...it seems to me this is exactly the reason for export controls.
Wonder What's in Baofeng 2-Meter/70cm Radios? (Score:2)
I suspect that during any emergency, the unlicensed preppers would foul up both RACES and ARES--and it was all made possible to Amazon, who doesn't give a rat's ass who they sell a radio to.
What is this TETRA thing? (Score:1)
I am the public safety radio engineer for a fairly large city, and I was always under the impression that our P.25 radios used AES-256 encryption. Are these a different type of radio? Or do I need to be worried about our systems? Honest question.
Re:What is this TETRA thing? (Score:4, Insightful)
TETRA appears to be the EU version of P25, somewhat more popular, and like P25 it has had plenty of cryptographic updates over the years. P25 can do AES265, so can TETRA.
So, why did we all waste our time reading about how obsolete encryption on obsolete hardware is vulnerable?
Re: (Score:2)
Re: (Score:2)
The real concern, in my possibly worthless estimation, would be for African cities using third-hand radios in areas where there are or may soon be wars. Exploiting the weak cryptography to cause chaos for emergency services
Re: (Score:2)
Look at Schoenlepel's comment. He links the actual article by the people who did the research - it's not as simple as you think.
Obsolete encryption on obsolete hardware is... (Score:2)
Why did they bother?