The Terrestrial Trunked Radio (TETRA) standard, developed by the European Telecommunications Standards Institute (ETSI), is one of the most widely used radio encryption communication standards globally. It is extensively adopted by communication equipment manufacturers such as Motorola and Sepura, with applications spanning over 100 countries, primarily for encrypted communications in police, rescue, military, and critical infrastructure industrial control systems.
In 2023, the Dutch security company Midnight Blue’s research team released a report stating that the encryption algorithm of TETRA has a “backdoor,” allowing for rapid decryption of radio encrypted communications between certain devices. Subsequently, ETSI recommended that users conducting sensitive communications with this algorithm should implement “end-to-end encryption” on top of TETRA. However, in August of this year, the Midnight Blue team announced again that at least one end-to-end encryption system recognized by ETSI also has vulnerabilities similar to the TETRA “backdoor.”
Researchers believe that users may unknowingly be using a vulnerable, easily compromised radio encryption communication system.
Coincidental ‘Backdoor’
TETRA was released by ETSI in 1995. The standard includes four encryption algorithms—TEA1, TEA2, TEA3, and TEA4—that radio equipment manufacturers can use based on product purpose and customer needs. Nominally, all four encryption algorithms use an 80-bit key, which still provides a high level of security even today.
Since its inception, TETRA’s encryption algorithms have remained confidential, only available to trusted third parties who sign non-disclosure agreements, such as radio equipment manufacturers like Motorola. Manufacturers must also implement protective measures in their products to ensure these algorithms cannot be easily extracted and analyzed.
Dutch researchers purchased a specific model of Motorola radio equipment and bypassed Motorola’s protective measures to locate and extract these algorithms. Upon reverse engineering the algorithms, they discovered a “backdoor” in TEA1.
TEA1 has a feature that can reduce the key length to 32 bits. The researchers were able to crack this key in under a minute using just a laptop. More seriously, this “backdoor” could even be used to inject false information into the radio communication system. Matthew Green, a cryptographer and professor at Johns Hopkins University, described this key as a “disaster.”
Coincidentally, among the four encryption algorithms, TEA1 is exported for use in countries that are “non-friendly” to the EU; TEA2 is restricted to use by police, military, and intelligence agencies in Europe; TEA3 is available for use by “friendly” countries; and TEA4 has almost no applications. The researchers did not find similar “backdoors” in the other three algorithms.
In 2023, Midnight Blue publicly released a technical report on the TETRA vulnerabilities. Following this, ETSI recommended that customers using TEA1 enhance security by adding end-to-end encryption technology developed for TETRA by the International Critical Communications Association’s security and fraud prevention group.
Similar Vulnerabilities
Simply put, TETRA’s TEA encryption algorithm is the first lock ensuring the security of radio communications, while end-to-end encryption serves as a second lock when the first lock is deemed unreliable. This technology employs a 128-bit key, primarily targeting security agencies with higher communication security requirements.
However, this second lock also appears to be unreliable.
Recently, the Midnight Blue research team extracted and reverse-analyzed the end-to-end encryption algorithm used in a specific model of Sepura radio equipment. They found multiple vulnerabilities, the most severe of which is similar to the TETRA “backdoor,” allowing the 128-bit key to be reduced to 56 bits, potentially compromising encrypted communication data.
The research team released a related report in August, stating that although they did not assess the end-to-end encryption algorithms in other devices, “we believe they are likely affected by the aforementioned or similar issues.”
In addition to the similarities in vulnerabilities, it is noteworthy that ETSI and the International Critical Communications Association not only collaborate closely but also share several common members. For instance, Brian Mergatroyd was responsible for TETRA at ETSI and has led the security and fraud prevention group at the International Critical Communications Association.
The research team discovered that the end-to-end encryption algorithm calls an “identifier” that seems to determine whether to use a 128-bit or 56-bit key. This means that radio manufacturers can choose the key length for their devices.
Mergatroyd responded in a media interview that customers purchasing TETRA end-to-end encryption devices might know whether their systems use simplified keys. However, Midnight Blue’s founder, Wetzels, stated that they conducted extensive open-source research and reviewed the documentation from equipment suppliers, finding no clear communication to end users about the simplification of keys.
Wetzels remarked that if users were aware they were only receiving security protection with a 56-bit key, they would be unlikely to spend millions of dollars on these devices.
According to reports from American technology media “Wired,” documents leaked by Snowden indicate that intelligence agencies from multiple countries, including the NSA, GCHQ, and the Australian Signals Directorate, have intercepted TETRA communications from targeted countries, but it remains unknown whether they exploited the aforementioned “backdoor” or vulnerabilities.
Source: Science and Technology Daily
Editor: Xiao Peng