Researchers Find ‘Backdoor’ in TETRA Encrypted Police and Military Radios

Status
Not open for further replies.
Joined
Aug 27, 2022
Messages
40
Reaction score
39
Academic "dweebs".

A *real* adversary intent on collecting ELINT will simply
TAKE a working portable off a constable by whatever means required
(steal it, mug the sap, etc). They are NOT going to waste time doing
"hacks" to eavesdrop on dispatch calls (a useless exercise for field
operatives).

Reminds one of this comic strip (not that I favor the miscreant,
given the author was *proudly* posting the Burn Loot Murder / antifa
banner during the "summer of - peaceful - protests").

---> Security
 

Marawan

Member
Joined
May 2, 2022
Messages
32
Reaction score
4
Location
UAE
Academic "dweebs".

A *real* adversary intent on collecting ELINT will simply
TAKE a working portable off a constable by whatever means required
(steal it, mug the sap, etc). They are NOT going to waste time doing
"hacks" to eavesdrop on dispatch calls (a useless exercise for field
operatives).

Reminds one of this comic strip (not that I favor the miscreant,
given the author was *proudly* posting the Burn Loot Murder / antifa
banner during the "summer of - peaceful - protests").

---> Security
That is not how it goes
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
8,112
Reaction score
5,433
Academic "dweebs".

A *real* adversary intent on collecting ELINT will simply
TAKE a working portable off a constable by whatever means required
(steal it, mug the sap, etc). They are NOT going to waste time doing
"hacks" to eavesdrop on dispatch calls (a useless exercise for field
operatives).

Reminds one of this comic strip (not that I favor the miscreant,
given the author was *proudly* posting the Burn Loot Murder / antifa
banner during the "summer of - peaceful - protests").

---> Security
Good plan for exactly 5 minutes:

OTAR is enabled via Motorola's FIPS 140-2 certified Key Management Facility.
System operators easily and securely change encryption keys on a regular basis.
If a radio is compromised you have the ability to:
• Remote inhibit – Securely prevent radios from gaining access to the network from a distance
• Remote enable – Securely re-establish a radio’s network access from a distance
• Zeroize – Securely remove a radio’s key material
• Change-over – Securely switch a radio’s keyset to another keyset for use
 
Joined
Aug 27, 2022
Messages
40
Reaction score
39
You're all missing the point.

The weak link, is the "human element".

Forget the complicated BS, "hacker" nonsense.

You bribe someone, threaten them, etc.

*Everyone* has their "price".

Any 35L (97B) will know this.
 

Marawan

Member
Joined
May 2, 2022
Messages
32
Reaction score
4
Location
UAE
Good plan for exactly 5 minutes:

OTAR is enabled via Motorola's FIPS 140-2 certified Key Management Facility.
System operators easily and securely change encryption keys on a regular basis.
If a radio is compromised you have the ability to:
• Remote inhibit – Securely prevent radios from gaining access to the network from a distance
• Remote enable – Securely re-establish a radio’s network access from a distance
• Zeroize – Securely remove a radio’s key material
• Change-over – Securely switch a radio’s keyset to another keyset for use
Does Tetra have OTAR feature?
 

Ubbe

Member
Joined
Sep 8, 2006
Messages
10,831
Reaction score
4,611
Location
Stockholm, Sweden
Does Tetra have OTAR feature?
Each base station, mobile and portable needs to be programmed with a static key by connecting a keyloader to them. Then the system also sends out a dynamic key over the air when a radio affiliates to the system to build the complete key. So perhaps it can be called part OTAR.

/Ubbe
 

thewraith2008

Member
Joined
Nov 22, 2016
Messages
1,898
Reaction score
902
Has anyone really looked into what has been presented in this demonstration video?
This video is 'showing' what is needed to make an ESI (the encrypted SSI) into a true SSI. (TA61)
It claims at least three known ESI/SSI pairs can be used to generate the SCK/CCK which then can be used for further ESI>SSI decoding.


Not that I know much about these things, but some things don't add up with what is shown in this video.

While not all aspects of this decrypting process are given/shown (as expected), you should be able to use the ESI/SSI and CCK values shown with the tools provided (TETRA_crypto) to reproduce what is seen in the video. But you can't. (At least I can't.)

Using this group's own tool 'gen_ta61' with the CCK (actually SCK) shown, none of the three SSI/ESI pairs (which are used to generate the CCK) shown as candidates match their paired value, whether that's converting SSI>ESI or ESI>SSI.

This is also true when trying to match any of the ESIs shown throughout the video with any SSI shown after they have 'decrypted' them.

Also noticed, when showing the 'decoding' where ESIs are presented, some of the ESIs shown are not even in the 24-bit range (0-16777215). They are higher.

This is very odd; what do you think?

Sorry to kick this thread alive, but it's the only place that seems relevant here.
 

JvdK

Member
Joined
Apr 11, 2023
Messages
128
Reaction score
134
Location
Zeist, The Netherlands
These guys are not a bunch of schoolboys; they are graduates and experienced IT technicians. Like you said, due to security reasons they didn't reveal every trick in the video. There is more information to find in the article they published later. That you can't do it is not strange. After they discovered this backdoor they informed the Tetra developers and waited a year with their publication so this backdoor could be closed.
 

Ubbe

Member
Joined
Sep 8, 2006
Messages
10,831
Reaction score
4,611
Location
Stockholm, Sweden
It would probably not work anyhow in most systems to retrieve the true ISSI. Here in Sweden, and I believe in the UK as well and most other systems, our nationwide public safety system also has users that are commuter buses, trams, and personnel at kindergartens, and they are forced to use fully encrypted radios, and the static key is then also used during the registration process. It needs to be a system that is partially unencrypted, where some TGs and users are encrypted and some are not, and that then has to allow unencrypted registration between base station and mobile and then encrypt on a per-TG or per-user basis during the registration process, so that both the clear and encrypted ISSI can be found in that communication.

/Ubbe
 

thewraith2008

Member
Joined
Nov 22, 2016
Messages
1,898
Reaction score
902
That you can’t do it is not strange.
It is when a value, algorithm and answer are provided in video (and GitHub for the algorithm).

Example:
  • value = 5
  • algorithm - lets just say this is just to double the value (value * 2 )
  • answer = 10
But when you do it their way, it doesn't work and you get: 2*10=55.
You should be able to reproduce the answers using the SSI/ESI and the tool (gen_ta61) they provide.
Maybe the video is just using mock SSI/ESI which just won't convert to anything real.

These vulnerabilities were never going to be something you could implement/exploit, since they could be fixed long before the public could see how it was done. Even if you could, you are still not allowed to make something that could circumvent it in a decoding package.
 