Sensitive Police, First Responder Communications Tech Used Flimsy Encryption And Suffered From Numerous Vulnerabilities For Years

from the whoops-a-daisy dept

Transparency is good, actually.

For decades numerous sensitive infrastructure, military, and first responder systems in Europe and the U.S. have utilized a radio standard dubbed TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and other major vendors. For 25 years secrecy surrounding the encryption algorithms used in TETRA kept researchers from taking a closer look at the technology… until now.

And what they found… wasn’t great. Researchers found that the encryption algorithm baked into radios sold for commercial use in critical infrastructure contained five major vulnerabilities and a “backdoor” (more akin to an open front door) that vendors apparently knew about, but many customers weren’t aware of.

The vulnerabilities were technically found by independent researchers in 2021, but weren’t revealed until vendors could develop patches. But given an ongoing lack of transparency, whether those updates have been implemented and what hardware is impacted isn’t broadly understood:

Carlo Meijer, Wouter Bokslag, and Jos Wetzels of Midnight Blue in the Netherlands discovered the TETRA vulnerabilities–which they’re calling TETRA:Burst–in 2021 but agreed not to disclose them publicly until radio manufacturers could create patches and mitigations. Not all of the issues can be fixed with a patch, however, and it’s not clear which manufacturers have prepared them for customers. Motorola—one of the largest radio vendors—didn’t respond to repeated inquiries from WIRED.

TETRA is primarily used in Europe in police, military, first responder, infrastructure, and other key communications. While less common in the U.S., Kim Zetter at Wired worked with the researchers to discover the standard was in use across a number of sensitive industries and agencies here in the States as well:

Mathis helped WIRED identify several electric utilities, a state border control agency, an oil refinery, chemical plants, a major mass transit system on the East Coast, three international airports that use them for communications among security and ground crew personnel, and a US Army training base.

The TETRA standard itself is easily reviewable, but the platform’s encryption algorithms are only made available to trusted parties that sign an NDA. To find the vulnerabilities, researchers purchased an off-the-shelf Motorola MTM5400 radio, dug into the radio’s firmware over four months, then used several zero-day exploits to defeat the Motorola-implemented protections.

Wired goes on to note that while the standard is still widely in use, the Snowden files contain information suggesting the NSA and GCHQ knew about and potentially exploited these vulnerabilities as early as 2007.



Comments on “Sensitive Police, First Responder Communications Tech Used Flimsy Encryption And Suffered From Numerous Vulnerabilities For Years”

21 Comments
discussitlive (profile) says:

Re:

See. Security through obscurity works.

Only when putting cranium in sand

It took 25 years before people even knew that they got sold shoddy goods.

Oh, TETRA was supposed to be secure?
How amusing. No one with more than a few seconds of experience actually thought that. What they said would be different. Threats about saying too much too loudly were frequent to those in the tech community that were dumb enough not to see how the wind blew without having to be explicitly told.

If anyone technical thought TETRA was secure, they were quickly and quietly disabused of that misconception. Anyone too dumb to see it when it was blatantly pointed out should have had their commercial class FCC license revoked. It likely would be somewhat redundant; if they were that dumb, respiration was a bridge too far.

For years and years, TETRA decoders were available. I think the best I saw was a Raspberry Pi with two software defined radios. Pretty slick, cost under $150 and about 20 minutes to get working.

Who Cares (profile) says:

Re: Re:

Whoa, maybe read the whole comment before going off on a rant?
Especially the last line that makes clear for whom the security through obscurity was worth it.

And no TEA-1, or TAA-1 (can’t be bothered to check), was never meant to be secure. The US would not have allowed international distribution of the standard (side effect of encryption standards being developed while the US considered selling any encryption that couldn’t be broken by an 8088 the same as trafficking nukes). The other 3, that is TEA1/TAA1, TEA3, TEA4 were supposed to be secure and they still are in the sense that you can’t hack into a conversation on the fly yet but you can with preparation do some interesting things.

Anonymous Coward says:

Re: Re: Re:

was never meant to be secure.

Well, not originally. It was intentionally weakened. But there’s a good chance that this knowledge was obscured by the mists of time such that the public safety agencies, and maybe even some manufacturers (who probably just dropped in some binary blob to handle the crypto), thought they were getting a secure system.

It’s said that TETRA itself is a public standard, though I don’t know about paywalls etc.—there was no LibGen when it was created. It’s the crypto algorithms that were effectively secret. Even now, it’s hard to even find reference to their names, except in these recent stories about them being broken.

discussitlive (profile) says:

Re: Re: Re:

And no TEA-1, or TAA-1 (can’t be bothered to check), was never meant to be secure. The US would not have allowed international distribution of the standard (side effect of encryption standards being developed while the US considered selling any encryption that couldn’t be broken by an 8088 the same as trafficking nukes).

I’m going to have to concede your point.

That One Guy (profile) says:

NSA/GCHQ: If we told them about the open window they'd close the curtains!

TETRA is primarily used in Europe in police, military, first responder, infrastructure, and other key communications.

Mathis helped WIRED identify several electric utilities, a state border control agency, an oil refinery, chemical plants, a major mass transit system on the East Coast, three international airports that use them for communications among security and ground crew personnel, and a US Army training base.

With all those sensitive and important users it’s a good thing that the security is so top notch, I mean can you imagine something used by the likes of international airports, militaries and infrastructure systems being protected by the equivalent of ‘No peeking behind the curtain?’

To find the vulnerabilities, researchers purchased an off-the-shelf Motorola MTM5400 radio, dug into the radio’s firmware over four months, then used several zero-day exploits to defeat the Motorola-implemented protections.

… ah. Oops?

Anonymous Coward says:

Re:

I mean can you imagine something used by the likes of international airports … being protected by the equivalent of ‘No peeking behind the curtain?’

For now, it’s pretty much just laws and radio strength stopping people from impersonating air traffic control or other aircraft. We’re kind of hoping that nobody would do that, or that if they did, the real ATC could issue corrections before anything went terribly wrong. That was the plot of Die Hard 2 in 1990, and nothing much has changed since. It’s probably easy to fuck with an uncontrolled airport.

Anonymous Coward says:

Re: Re: Re:

meant to allow any aircraft to talk to any other aircraft, or traffic control … security limiting its use would make it useless.

Why would a secure system that allows the traffic it’s “meant to” allow, as quoted above, be useless? It might be less useful, more fragile and costly, maybe even a bad idea, but certainly not useless.

Even an unencrypted system could be “protected” with some kind of cryptographic authentication, such that the towers and expensive jets couldn’t be spoofed. I don’t see any pressing need for it, but it’s possible.
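The "authenticated but still readable" channel this comment sketches, written out as an added example (not code from the thread or from any real radio or aviation protocol): every frame stays cleartext so anyone in range can hear it, but a keyed HMAC tag lets a receiver reject frames that were forged without the key, altered in transit, or replayed. The "TWR" call sign, the sequence counter, the frame layout and the demo key are all constructed for illustration.

```python
"""Authenticity without confidentiality: cleartext frames carrying an HMAC tag.

Constructed example. The frame format 'sender|seq|text|tag' and the key below
are invented for the demo; they are not TETRA or any real aviation protocol.
"""
import hashlib
import hmac

# Constructed demo key (assumption: handed out of band to legitimate stations only).
NET_KEY = bytes.fromhex("5f1c9a3e2b7d4c88a0e1f2d3c4b5a69788776655443322110f0e0d0c0b0a0908")


def build_frame(key: bytes, sender: str, seq: int, text: str) -> bytes:
    """Return b'sender|seq|text|tag'. The text stays readable; the tag binds it to the key."""
    body = f"{sender}|{seq}|{text}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def verify_frame(key: bytes, frame: bytes, seen: dict) -> tuple[bool, str]:
    """Check the tag, then reject replays with a per-sender monotonic counter.

    `seen` maps sender -> highest sequence number accepted so far and is only
    updated once a frame has passed both checks.
    """
    try:
        body, tag = frame.rsplit(b"|", 1)
        sender_b, seq_b, _text = body.split(b"|", 2)
        sender, seq = sender_b.decode(), int(seq_b)
    except ValueError:
        return False, "malformed frame"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison: a forger learns nothing from how fast we reject.
    if not hmac.compare_digest(expected, tag):
        return False, "bad tag (no key or tampered)"
    if seq <= seen.get(sender, -1):
        return False, "replayed or out-of-order sequence"
    seen[sender] = seq
    return True, "ok"


def demo() -> list[str]:
    """Run four constructed cases through one receiver and return its verdicts."""
    seen: dict = {}
    verdicts = []

    # 1. Genuine frame from a station holding the key.
    good = build_frame(NET_KEY, "TWR", 1, "cleared to land runway 27")
    verdicts.append(verify_frame(NET_KEY, good, seen)[1])

    # 2. Readable text changed in transit, original tag kept.
    tampered = good.replace(b"runway 27", b"runway 09")
    verdicts.append(verify_frame(NET_KEY, tampered, seen)[1])

    # 3. Impersonator without the network key tags with a key of their own.
    forged = build_frame(b"guessed-key", "TWR", 2, "go around")
    verdicts.append(verify_frame(NET_KEY, forged, seen)[1])

    # 4. The genuine frame played back after it was already accepted.
    verdicts.append(verify_frame(NET_KEY, good, seen)[1])
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The shared-key design means any station that holds the key can also forge frames, which is acceptable for a closed network but not for a broadcast setting where only certain stations should be able to issue instructions; there the same frame layout would carry a public-key signature instead of an HMAC, so that every receiver can verify without being able to sign.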

Anonymous Coward says:

Re: Re: Re:2

You are missing the prime requirement of the radio use by aircraft and ground controllers: everybody in range should be able to hear messages, and anybody using the radios should be able to talk to everybody else. There is some protection in controlled air space in that there are standard approaches and procedures and clearances. That is, the pilots know what the controllers will tell them, and approximately when, and when they need to contact the controllers. Outside of controlled air space, the radio is used for informative broadcasts of intent, along with flying the pattern for landings and takeoffs.

Anonymous Coward says:

Let no one say that EU governments are not consistent in their anti-encryption stance.

They started it years ago by denying reliably encrypted communications to their own armies and police.

So all the modern day critics of snoop… I mean of “protecting the children” should shut up.

(all that above was sarcasm and bitterness in case anyone’s wondering)

Anonymous Coward says:

Re:

(all that above was sarcasm and bitterness in case anyone’s wondering)

But substitute “US government” for “EU governments” and you’re pretty much on the nose, as I wrote below. The American anti-encryption stance of the 1990s was the root cause. Motorola basically couldn’t have exported strong encryption to the EU; not without administering a complicated licensing regime, anyway. Companies had to choose between having two versions of their radios—a strong US one (maybe exportable to allied militaries etc. with authorization) and weak international one—or just weakening everything. Don’t forget that international first-responders sometimes need to communicate with American ones, such as during the 9/11 attack response with its infamous shit-show of incompatible radio systems.

I still remember having to provide my name and address to Microsoft and Netscape to download the secure American versions of their web browsers. Otherwise I’d have been doing web banking with 40-bit SSL.

Anonymous Coward says:

A premonition

Here’s a Usenet thread from 2004 about TETRA security—which, to anyone familiar with the history of computer security, could’ve been seen to predict exactly this event.

“TEA2 is used in TETRA networks to encrypt data. I know there were security problems with TEA, but what about TEA2? Any known vulnerabilities? How strong can TEA2 be considered?”

“My impression is that the TETRA encryption algorithms (TEA1-4) are all confidential. Perhaps that is why Google doesn’t give you any clues? Has there been any public review?”

Had the details been public in 2004, this probably would’ve been noticed. After all, it’s not a deep cryptographic flaw, but a deliberate key-strength reduction. And there were people (presumably HAMs) trying to reimplement it in their own radios.

Karl, there’s a really important component of this story that you haven’t mentioned: the reason for this backdoor. Also see Bruce Schneier’s blog post and the Vice article Bruce links to.

The reason is the “crypto wars” of the 1990s, when strong cryptography was considered a munition and was illegal to export from the USA (except to Canada, from where it could also not be exported). It was even believed to be illegal to give details in speeches attended by foreign nationals. Eventually the author of Pretty Good Privacy (PGP) published it in book form, with a computer-readable font, and exported it—figuring that even the most dim-witted judge would notice certain constitutional problems with the government trying to ban the export of books. That’s where “PGPi” (“i” for the “international” version) came from. The laws, having been proven useless, were then relaxed in the USA and elsewhere, but systems such as TETRA and GSM had already been developed as “export-grade”.

Governments have been bitching about criminals “going dark” for quite a while now, and pushing to bring back restrictive laws and backdoors. But we’re still dealing with the fallout of laws that were repealed decades ago, and probably will be for decades more.

Backdoors don’t work, and secret crypto does not work. You want a twofer? Look up the history of the Clipper Chip, developed and promoted in the 1990s by the NSA as a form of “acceptable” “secure” crypto for the public. The NSA would be able to read any message, and users wouldn’t be able to stop them from doing so, but it would be otherwise secure. Long before the actual cipher was declassified, Matt Blaze found a brute-force attack that would let people reprogram their “secure phones” etc. such that they’d appear to work normally to everyone but the NSA—who’d see their decryption attempts fail if they ever tried to use the backdoor. (Did the NSA fuck up the backdoor? The flaw is so obvious one can’t help but wonder whether their crypto-makers were “maliciously complying” with the backdoor requirement of the crypto-breakers.)

Anonymous Coward says:

Not sure if these radios should even be encrypted. In most places they’re not and anyone can get a receiver and pick up a live feed. And they’re surprisingly boring, I’ve listened to dozens of dispatchers shoot the shit with responders and occasionally call in a response for a fire alarm or EDP (emotionally disturbed person). The only time you’d want them encrypted is if you’re dealing with an active major crime situation and the perp could be listening. In which case it would be useful to be able to enable encryption but it shouldn’t be the default.

Anonymous Coward says:

Re:

The only time you’d want them encrypted is if you’re dealing with an active major crime situation and the perp could be listening.

Or when personal information is being shared. Some countries even have laws about that. I wouldn’t want information about my medical status being published, for example, but the paramedics do need to know.

Anonymous Coward says:

Re: Re: Re:

PII may be on the 911 call but I’ve never heard it broadcasted to first responders.

It used to be. They tend to have laptops now which also show GPS maps, maybe flip some traffic signals etc. I don’t know whether those communicate via TETRA, 4G, or something else, but it’s not voice communication, so you wouldn’t hear it.

In the past, someone with a scanner could often hear addresses in conjunction with injury or crime descriptions.

Anonymous Coward says:

Re: Re: Re:2

Ah you’re right, there can be addresses. Often what’s said is not an exact address – instead it’s a block or intersection – but sometimes it is exact. I’ve never heard people’s names. Sometimes a description of the suspect or victim is given. Not sure that justifies encryption though. There is a public interest in these broadcasts – some journalists use them.

Ben (profile) says:

Re: Re: Re:3

Until you’ve been involved in real incidents and heard what is transmitted over ‘radio’ you’ll have little insight into what is or is not in need of encryption. All sorts of very sensitive information that the over-curious public might be interested in (rather than what’s actually in the public interest) will be transmitted in confidence because the emergency services need to share that information in order to safely look after the interests of the public.

Anonymous Coward says:

Re: Re: Re:4

Yup. A message could be something like “Paramedics are needed at (address) for a 40-year-old female who’s unconscious; the patient is diabetic.” People who live nearby and hear that might know exactly who it is, and now know a medical status that maybe they didn’t before. Never mind that people can do reverse address lookups, voice recognition, data-mining, etc. What about something like a heroin overdose, and all the social stigma that might come along with it?

(I have relatives who live in a seniors’ building. Ambulances visit regularly, and the rumors fly quickly.)
