Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others.

  • @[email protected]
    link
    fedilink
    41 year ago

    Funny how this came out when there’s been a renewed push for backdoors in cryptography. They all seem to forget that all it’d take for an adversary to get in is for them to find the backdoor… Sadly this kind of thing is pretty common in the radio sphere - the “basic” encryption (better called ‘privacy code’) on DMR radios is often one of 16 or 256 different codes, and the next step up is 40-bit ARCFOUR. For AES, you have to pay through the nose for software licences, and most users won’t or can’t bear the costs. The only good news is the higher-tier algorithms like TEA2/TEA3 weren’t vulnerable - and they’re more likely the ones in use by emergency services.

    • Ret the Folf
      link
      fedilink
      21 year ago

      @cosmo @stefenauris @bersl2 agree except that TEA2/3 weren’t vulnerable *in this particular study*. ETSI/TCCA are (foolishly, I think) sticking to their guns on the algorithms being tightly controlled. Without proper, widespread academic scrutiny there is little confidence that they are *actually* secure.

      • Ret the Folf
        link
        fedilink
        31 year ago

        @cosmo @stefenauris @bersl2 I like how the researchers in their release squarely blame the TEA1 issues on failure to adhere to Kerckhoffs’s principle; but ETSI in their response completely fail to address that and adopt a “this is fine” stance.