TETRA radio comms used by emergency heroes easily cracked, say experts

Midnight Blue, a security firm based in the Netherlands, has found five vulnerabilities that affect Terrestrial Trunked Radio (TETRA), used in Europe, the United Kingdom, and many other countries by government agencies, law enforcement, and emergency services organizations. The flaws, dubbed TETRA:BURST, are said to affect all …

  1. Anonymous Coward

    Really need to fast track a NIST style open radio design competition

    Then assign the winners primary use of the radio bands. Letting Motorola or one of these other companies tender in house proposals just leads to what we saw in the last two generations of systems. Buggy and overpriced crap that then gets delivered late and never fixed.

    If they have to compete with an open protocol and an open manufacturing spec, they will have a tougher time getting more than one dip in the pork barrel, and our EMS/Fire/Law enforcement may actually get decent gear for once. Sadly my military won't let your military buy toys they can't listen in on, and they are too corrupt to buy them themselves, so that's one huge miss right there.

    1. Anonymous Coward

      Re: Really need to fast track a NIST style open radio design competition

      NIST Style, but without NIST and their TLA partners who are suborning everything.

    2. Anonymous Coward

      Re: Really need to fast track a NIST style open radio design competition

      The secure military radio network I worked on back in the late 90's used a box supplied by an agency for encryption.

      The payload was encrypted before it had Golay data and a CRC32 added.

      The company supplied the frequency hopping transmitter, receivers and developed all the hardware and software.

      Based on this knowledge I suspect that TETRA system is only used by emergency services in the UK and not for military use other than in a civil emergency.

      The bigger scandal is how much we as a country have overpaid for the TETRA system.

      1. Justthefacts Silver badge

        Re: Really need to fast track a NIST style open radio design competition

        Tetra is, in the modern world, a boondoggle. However, the world it was released into, 1994, it was leading edge and no practical alternatives. It was an excellent solution for a real specific need. And that’s why dozens of countries, not just the U.K., plumbed it into the critical services. Today, the problem is there is no stepwise way for a radical change of whole emergency service equipments to some of the more obvious alternatives.

        As to the whole “open source the radio/crypto” crowd. Had we listened to that in *1994* when Tetra was released, it would have been cracked *almost immediately*. DES being cracked was still four years in the future. GSM algorithms being cracked were a decade in the future. None of the “secure by design” algorithms for streaming data (as in - not RSA4096) have lasted 30+ years, *only* the secure-by-obscurity. Until today. Had we listened to that crowd *thirty years ago*, we would already be living in a hell scape, free fire death zone ruled by splatterpunks a decade ago. Of course, *now* yes we should use NIST-style crypto standard, although it would be pure folly to run a new competition. Pick the 5G NEA standard and you’re done.

        1. David Shaw

          Re: Really need to fast track a NIST style open radio design competition

          it was leading edge and no practical alternatives

          ….other than pre-existing Tetrapol, (French/Spanish gendarmes etc digital radio) evolved *much* faster than TETRA, and was handling data (e.g. fingerprint reading on a Spanish beach) much earlier than TETRA/Airwave

          More at https://www.sigidwiki.com/wiki/Tetrapol

          just an informed observer

          David.in.italy

        2. Richard 12 Silver badge

          Assumption without evidence

          TETRA certainly has been cracked, repeatedly, by many actors, state and criminal.

          This is merely (probably) the first published one. Criminals and state actors tend to keep such things a closely guarded secret.

          Security by obscurity is how you get vulnerabilities like "80 bits cut down to a trivially-brute-forcible number", because the vendor can claim some large number of bits while actually only using four.

          The vast majority of customers don't have the expertise or budget to check for trivial errors - forced or unforced - and the ones that do are bound by contract not to let anyone know about the holes.
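
One way a customer could check a vendor's key-length claim of the kind described in the comment above, given black-box access to the key schedule: sample random keys and count pairs that produce the same internal state. This is an added example, not part of the thread and not TETRA or TEA1 code; `weak_schedule`, `sound_schedule` and `audit` are constructed, hypothetical names, and the toy reduction is to 16 bits so the check runs in well under a second.

```python
import hashlib
import math
import random
from collections import Counter

KEY_BYTES = 10  # 80-bit advertised key length (the figure quoted in the comment)


def weak_schedule(key: bytes) -> bytes:
    """Constructed toy: XOR-folds the 80-bit key down to 16 bits, then
    stretches the result back to 80 bits so the state *looks* full-size."""
    folded = bytearray(2)
    for i, b in enumerate(key):
        folded[i % 2] ^= b
    return hashlib.sha256(bytes(folded)).digest()[:KEY_BYTES]


def sound_schedule(key: bytes) -> bytes:
    """Constructed toy: every key bit influences the 80-bit state."""
    return hashlib.sha256(key).digest()[:KEY_BYTES]


def audit(schedule, samples: int, seed: int = 1) -> dict:
    """Estimate the number of distinct internal states reachable from
    random keys, using the birthday relation
        expected colliding pairs ~= n*(n-1) / (2*S)
    where n is the number of distinct keys tried and S the state count.
    With n samples the test can only expose S up to roughly n^2/2, so
    'lower_bound_only' means "no reduction found at this sample size",
    not "the cipher is sound"."""
    rng = random.Random(seed)
    keys = set()
    while len(keys) < samples:  # distinct keys only
        keys.add(rng.getrandbits(8 * KEY_BYTES).to_bytes(KEY_BYTES, "big"))

    states = Counter(schedule(k) for k in keys)
    pairs = sum(c * (c - 1) // 2 for c in states.values())
    n = len(keys)

    if pairs == 0:
        # No two keys shared a state: all we learn is a lower bound on S.
        return {"pairs": 0,
                "bits": math.log2(n * (n - 1) / 2),
                "lower_bound_only": True}
    return {"pairs": pairs,
            "bits": math.log2(n * (n - 1) / (2 * pairs)),
            "lower_bound_only": False}


if __name__ == "__main__":
    for name, fn in (("weak", weak_schedule), ("sound", sound_schedule)):
        r = audit(fn, samples=4000)
        kind = "at least" if r["lower_bound_only"] else "about"
        print(f"{name:5s}: {r['pairs']:4d} colliding pairs, "
              f"effective key {kind} {r['bits']:.1f} bits "
              f"(advertised {8 * KEY_BYTES})")
```

Raising `samples` raises the ceiling of what the audit can expose: roughly 2^17 keys are enough to reveal a state space of 2^32.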

        3. Michael Wojcik Silver badge

          Re: Really need to fast track a NIST style open radio design competition

          Oh, what a load of rubbish.

          For one thing, RSA is not an "algorithm[] for streaming data". It's an asymmetric cipher.

          DES is certainly too weak (the key's too small, and it's vulnerable to linear cryptanalysis) for modern security, but we had 3DES since 1981, and in a streaming mode (CFB, OFB, and CTR were all documented well before 1994) it's a stream cipher with no published cryptanalysis requiring less than ~2^84 encryptions if you rotate keys on a reasonable basis (i.e. before 2^32 blocks, to prevent Sweet32 attacks).

          For TETRA purposes, where attackers have few routes to drive a large number of known-plaintext encryptions, even RC4 would likely be fine.

          TEA1 is just a bad, deliberately-broken cipher.

      2. phuzz Silver badge
        Trollface

        Re: Really need to fast track a NIST style open radio design competition

        The UK military wish they were using something as modern as TETRA...

  2. dermotw

    There are others

    There is more than one algorithm available in TETRA. Also, end users can create their own, although I don't know how many ever did...

  3. Anonymous Coward

    And again ..

    .. a backdoor of US origin.

    No wonder Huawei had to go.

    1. dermotw

      Re: And again ..

      Err well nope. ETSI is European, everything created by committee of members.. Including Moto of course, but in company with every other major manufacturer.

      1. b0llchit Silver badge
        Black Helicopters

        Re: And again ..

        erhm... like the CIA owning that cryptography business in Switzerland? The US would never interfere with standards... Really! Pinky-swear!

    2. DS999 Silver badge

      Re: And again ..

      It isn't a "backdoor" if encryption is weak, and you have options to use stronger encryption.

      A backdoor would be if it provided strong encryption, but it was found to have been deliberately designed with a weakness the designer hoped to keep secret.

      1. Michael Wojcik Silver badge

        Re: And again ..

        Looks like the encryption algorithm was intentionally weakened by intelligence agencies to facilitate easy eavesdropping.

        ...

        And I would like to point out that that’s the very definition of a backdoor.

        Bruce Schneier

        I'll take the opinion of an actual professional cryptographer in this case.

  4. Justthefacts Silver badge

    Spectacularly irresponsible.

    Certainly we may criticise security by obscurity. But in this case, that decision was hard-coded when it was spec’d and rolled out thirty years ago. It’s done, no point crying about it. If it’s insecure, the *only* security was that the implementation engineers who signed the paperwork to keep the encryption spec confidential, kept their word. These guys reverse engineered that, they effectively released secret key material for every emergency service in Europe, in one fell swoop.

    There are no real mitigations - the claim “oh they will just have to do encryption over the top” is nonsense. Europe's police and fire services are not going to all just retrofit an extra scrambler on all their radios. Budgets aren’t magically going to be increased to provide a complete replacement of all their radio equipment with Tetra Upgrade or whatever. This is not just downloading an extra app. Ok, the encryption may be insecure in theory, but there just weren’t any exploits out there in the wild in practice…..until these guys did it.

    The police, fire and ambulance services weren’t at risk, until this was released. Now they are.

    Releasing these CVEs without viable mitigation is just totally unethical however long they waited. Really badly done, sir, badly done.

    1. OhForF' Silver badge

      Re: Spectacularly irresponsible.

      We may criticise security by obscurity but proving it doesn't work is spectacularly irresponsible?

      The encryption was intentionally weakened meaning there must be some agency with the clout to push that weakened algorithm through and it is not unlikely they also made sure this is nailed down by the spec so they can listen in during the complete life cycle of TETRA. In effect someone is able to listen in on all the confidential conversations while having plausible deniability and you think the problem are those making that knowledge available to the services using TETRA and the general public and all would be fine if they just didn't say anything?

      1. Justthefacts Silver badge

        Re: Spectacularly irresponsible.

        Do you want to assign blame for past IT mistakes…. or do you want people to die in pain waiting for an ambulance that will never come because script kiddies? That’s literally the choice they made. They chose: assigning blame, feeling smug superiority, and many innocent people in forty countries who have not even heard of Tetra will end up dead. Security by obscurity *did* work, for thirty years, right until yesterday. If I had to design a new system any time in the past twenty years, I wouldn’t do it that way.

        As somebody else has said, there is no scenario of “[NSA bogeyman] able to listen in on all the confidential conversations”, because military radios don’t use Tetra unencrypted. Only ambulances, fire services, police do. Quite probably someone had *plans* to do something naughty in 1990, but that world no longer exists.

        1. Anonymous Coward

          Re: Spectacularly irresponsible.

          As somebody else has said, there is no scenario of “[NSA bogeyman] able to listen in on all the confidential conversations”, because military radios don’t use Tetra unencrypted. Only ambulances, fire services, police do

          Incorrect - emergency services use encryption on TETRA

        2. Roland6 Silver badge

          Re: Spectacularly irresponsible.

          > there is no scenario of “[NSA bogeyman] able to listen in on all the confidential conversations”

          May I remind you about:

          1) Enigma, an encryption system the UK/US were able to decrypt, yet we supported the promotion of it as being secure for other countries' diplomatic communications…

          2) In more recent times, the eavesdropping of Merkel's phone…

          So I suggest there is a reasonable case the UK/US played a big part in weakening the encryption, so that they could if circumstances arose, eavesdrop on Tetra communications; wherever in the world Tetra would end up being used…

          However, whether the US/UK actively listened in, is another matter, although I would not be surprised if they do when the President is in Europe.

      2. SVD_NL Silver badge

        Re: Spectacularly irresponsible.

        This reminds me of an excellent keynote by the LockPickingLawyer. In the physical security world, security by obscurity is a real problem and he talks a lot about the mentality that sometimes exists around it.

        This talk was on a cybersecurity conference.

        https://youtu.be/IH0GXWQDk0Q

    2. Hans Neeson-Bumpsadese Silver badge

      Re: Spectacularly irresponsible.

      These guys reverse engineered that, they effectively released secret key material for every emergency service in Europe, in one fell swoop.

      I'm not sure if it's *every* emergency service. It's a few years since I worked in this field, but when I did there were a number of European countries using Tetrapol which, despite the similarity in name, is a different technology.

      1. Bartholomew
        Big Brother

        Re: Spectacularly irresponsible.

        The only other thing that they share in common is that their encryption algorithms are secret. As in, not open to public cryptanalysis by security experts around the globe.

    3. DJO Silver badge

      Re: Spectacularly irresponsible.

      ...but there just weren’t any exploits out there in the wild in practice…..until these guys did it...

      Are you absolutely 100% certain of that? Is this the ONLY team in the entire world who could work this out? Can you guarantee there is not a single "black hat" team anywhere in the world who couldn't have replicated this work and not announced it but used it themselves?

      Given that uncertainty, they were 100% correct to inform both users and suppliers that the system is potentially unsecure so the problem can be mitigated.

      1. Dr Dan Holdsworth
        Boffin

        Re: Spectacularly irresponsible.

        There's already another problem with police TETRA; it uses specific frequencies and the handsets like to chatter away to their base station to maintain contact with it. This means that a TETRA handset is like a beacon that says "Police here" to anyone with a software-defined radio system capable of detecting the chatter. Such systems cannot of course decrypt the chatter, but they can crudely determine range based on signal strength.

        This is therefore useful to actual and potential criminals as a way of spotting when the police are in the area.

        A better system might be to use existing 4G and 5G data services and impose this service onto the operators as a cost of doing business in the UK, with the police and other emergency services' comms being given a much higher priority than normal communications.

        That would solve the coverage problems that plague TETRA, solve the encryption woes if a suitable scheme can be employed, and since the chatter of handsets would not be trivially easy to distinguish from normal systems without intensive packet scrutiny then this attack would cease to function too. It might also solve the scarcity of handsets, since a custom Android ROM running on consumer handsets might well work quite well.

        1. Justthefacts Silver badge

          Re: Spectacularly irresponsible.

          There are much better technical solutions than Tetra. Yours is one of them, and would be my preferred. That’s not the issue.

          The issue is that there is no way to get *there* from *here* without re-equipping a workforce of hundreds of thousands of people across Europe, with equipment revamps costing many billions, in the *few weeks left before the zero-day goes live in Las Vegas*, plus maybe another 72 hours to hack together a firmware onto the tens of thousands of cheap grey-market SDRs.

          We are seriously f*ed. There is going to be major civil unrest, on the days when this goes live.

          1. Kayakerdude

            Re: Spectacularly irresponsible.

            There have been 18 months of fixing time.

            If the manufacturers didn't listen to the exploit notifications, if they didn't inform the customers, if they didn't offer a mitigation path, then it's the manufacturers that you lay all of the blame and cost on.

            You can also blame your government for not doing the right thing here, especially with the year and a half they had to fix things.

            You do not shoot the messenger here.

            Oh, and it's been well known that there have been cracked weaknesses for over a decade, and there are open-source tools that already get a lot of info from TETRA transmissions, including the audio. You can be absolutely sure that there are bad-actors with access to TETRA Comms for a long time now.

        2. Peter2 Silver badge

          Re: Spectacularly irresponsible.

          A better system might be to use existing 4G and 5G data services

          They decided to do that in 2014 with development slated to finish 2017 with deployment finishing in 2019 by the TETRA contract expiry date.

          A working replacement wasn't delivered in time, and a 5 year extension on TETRA was put in through to 2022, with the hope that rollout would have been finished in 2022.

          In 2022 they put a further extension in on TETRA with the hope that a working system would be delivered by 2026.

          At which point the police asked if they could have some new TETRA handsets please because the existing ones are heading towards the age of the newest users. But of course they'll be replaced by 2026!

      2. Justthefacts Silver badge

        Re: Spectacularly irresponsible.

        Think of the prize: being able to sniff traffic on police radio would be worth a ten-billion-dollar market opportunity, if you’re a drug-trafficking gang. If it existed, there would be literally tens of thousands of Tetra scanners on the black market. You *can* trivially buy a grey-market Tetra scanner, with open firmware, which receives the signal but can’t decrypt it. So, if you think the vulnerability is known, suggest you try and buy it….the non-decrypting variety are easily googleable.

        This is an unpatchable and non-mitigable zero-day being released that hits the most critical systems for society, synchronously across all sectors and several countries simultaneously. Telling people it exists is of zero help to orgs, other than to tell them that from now on ambulance crews and police are going to *have to rely on their mobile phones*. Maybe you think that’s OK.

    4. Lee D Silver badge

      Re: Spectacularly irresponsible.

      The services were all at risk anyway. This is just the first lot to actually legally and publicly look into it, after the EU asked them to (obviously suspecting that there may be flaws).

      You think the criminal gangs that are hacking huge cloud datacentres don't have a few guys who could have done the same at any point in the last 20 years (bear in mind, these researchers had no info or assistance so had to reverse-engineer everything just the same!) and the whole thing been compromised for decades?

      It's not a Heisenberg radio. It's not "secure until you actually look at it". And it's definitely not "secure until someone with good intentions looked at it". It's insecure, by design, and has been for many, many years.

      Without exposure, that would NEVER change.

      TETRA and similar systems have been posited for replacement for decades, as far as I remember, and huge amounts of money spaffed on obtaining replacements but then falling back and just renewing the system for yet-another-year. The only way to actually get them secure and move into the 21st century is to show that the old system is not just "archaic but viable" but that it's entirely obsolete, insecure and unfit for purpose. And, probably, always has been.

      1. Anonymous Coward

        Re: Spectacularly irresponsible.

        "The only way to actually get them secure and move into the 21st century is to show that the old system is not just "archaic but viable" but that it's entirely obsolete, insecure and unfit for purpose. And, probably, always has been."

        That's not fair - it's insecure - but it is not obsolete, and it is demonstrably fit for purpose in terms of the feature set it offers.

        There isn't a replacement available, and it's not even close as far as we can tell (I've been out of the business area for too long to really comment).

        1. Peter2 Silver badge

          Re: Spectacularly irresponsible.

          It sounds like another case of the people developing the technically brilliant new thing not actually listening to the requirements of the end user.

          I have a sneaking suspicion that the end user feedback is similar to "I am betting my life that this thing works when I was facing down a hostile drugged up nutter with a machete in the middle of the countryside at night 20 miles from the nearest 5G signal" followed by a comment like "and the new thing silently failed and I didn't get any backup, and now nobody wants to touch the f****** things with a barge pole".

          Which to be fair, I have very considerable sympathy with. And I personally feel that complaining that it fails to be perfectly secure misses the point; that's one of a number of things it needs to do and I suspect that the police are probably more worried about being abandoned alone without backup in a life threatening emergency than they are about potentially broken encryption. I suspect that they cheerfully take the old system over "perfectly secure, but only works in certain parts of city centres, and not in subways etc" with full knowledge of its defects.

      2. Justthefacts Silver badge

        Re: Spectacularly irresponsible.

        “The services were all at risk anyway”

        Jesus. Your argument is that we should go round laying mortars onto Number 10, just to drive home your point that Mrs Jones the receptionist really should have signed up to the higher spec door when the salesman came calling.

        The people you have a beef with are the procurements people, now retired, and lax software design (your own industry) thirty years ago. The people who are going to get it in the neck, are an ambulance crew lured to a dark alley by a MITM call-out, stabbed and left to die with all their oromorph nicked. You callous retard.

        1. Ian Mason

          Re: Spectacularly irresponsible.

          You seem to have descended into "whataboutism" and personal abuse. I take it that means you don't have a solid argument to make other than to assert your way of looking at this is the only way and anyone who refuses to agree with you is an idiot.

          Stakeholders, including all the emergency services, had disclosure of this back in February last year. The whole process follows the well established, and well accepted, principles and practices of responsible disclosure. The end goal, as always, of responsible disclosure, is to ensure that vulnerabilities are addressed and fixed, and that no party can take a head in the sand attitude.

          One thing I'm sure of, that these long standing vulnerabilities will already have been exploited in the wild with high probability, whether by state level actors or some of our more sophisticated criminals. Clearly it is time for TETRA to be fixed or be retired.

        2. Anonymous Coward

          Re: Spectacularly irresponsible.

          Firstly it’s Oramorph not Oromorph, that may just have been a typo but important to note. The large issue for me isn’t that these researchers are releasing this info after a requested long delay to allow manufacturers to create patches where possible. The large issue is that ESN is so seriously behind schedule and has cost billions with nothing much to show for it.

          Dame Meg Hillier MP, Chair of the Committee, said:

          “The ESN project is a classic case of optimism bias in Government. There has never been a realistic plan for ESN and no evidence that it will work as well as the current system. Assertions from the Home Office that it will simply ‘crack on’ with the project are disconnected from the reality, and emergency services cannot be left to pick up the tab for continued delays. With £2 billion already spent on ESN and little to show for it, the Home Office must not simply throw good money after bad.

          https://committees.parliament.uk/committee/127/public-accounts-committee/news/196423/significant-costs-to-emergency-services-caused-by-home-office-failures-on-communications-network//

          2019 was when we were supposed to be giving the blue light services the new ESN kit and turning off Airwave. We’re not measurably closer to being able to turn off Airwave and that’s the bigger issue here. These vulnerabilities which were apparently known about by the tech suppliers shouldn’t have caused problems because we shouldn’t have been using the kit now.

          The NAO have done their usual bang up job of assessing the situation.

          https://www.nao.org.uk/wp-content/uploads/2023/03/progress-with-delivering-the-emergency-services-network.pdf

          Trouble is it makes depressing reading, more than someone using an ableist slur to refer to someone else.

          1. Anonymous Coward

            Re: Spectacularly irresponsible.

            Not to mention you can.. Y'know.. Already call an ambulance without a TETRA MITM. But SHHH!!! Don't tell anyone - everyone will start stabbing paramedics if they knew, apparently.

      3. Roland6 Silver badge

        Re: Spectacularly irresponsible.

        >” The only way to actually get them secure and move into the 21st century is to show that the old system is not just "archaic but viable" but that it's entirely obsolete, insecure and unfit for purpose.”

        You were doing well until this point…

        The trouble is, as others have pointed out, in the UK at least, the government have been throwing money at a replacement, which has yet to be delivered…

        If it were the politicians who were extending the life of Tetra or the blue light services not seeing the need for replacement then I would agree, exposing the weaknesses might encourage the politicians to find some money and the blue light services to move on.

        1. Lee D Silver badge

          Re: Spectacularly irresponsible.

          Maybe they should stop just throwing money, lay down a specification, and engage a company in a contractual agreement to deliver it.

          Other countries around the world don't seem to have this problem. Ask them. Engage their people.

          It's because the politicians can get their 10% repeatedly if they sign up a company every year, then get about 10% when they renew with the old system (at zero cost to the manufacturer, but at significant markup because "well, we were going to retire that, but we'll keep it running another year, but it'll cost ya!"), then get to call out to tender again, sign another dodgy contract that doesn't penalise non-delivery, change the spec just at the right time so the new guys pull out because of costs, etc. etc. and repeat ad infinitum.

          It's a government IT project, and it's failing because it's a government IT project. There's really nothing difficult here, even if you produced a hybrid system that did BOTH Tetra and whatever you wanted to move to.

          One investment in new kit... no investment in infrastructure required to use it... then as you build up 5G (or whatever), you don't need to replace the kit... you just keep using it. And if something goes wrong, you still have the other to fall back to! And twice the capacity.

          Specify that properly, put out a government contract, and write proper delivery clauses. Watch the Tetra people run around like loonies in case a rival delivers a product that can do that and make them obsolete within a couple of years.

    5. Neal McQ

      Re: Spectacularly irresponsible.

      Worth noting this much better Wired article (never thought I'd say that...) is the commentary

      "Carlo Meijer, Wouter Bokslag, and Jos Wetzels of Midnight Blue in the Netherlands discovered the TETRA vulnerabilities—which they’re calling TETRA:Burst—in 2021 but agreed not to disclose them publicly until radio manufacturers could create patches and mitigations. Not all of the issues can be fixed with a patch, however, and it’s not clear which manufacturers have prepared them for customers. Motorola—one of the largest radio vendors—didn’t respond to repeated inquiries from WIRED.

      The Dutch National Cyber Security Centre assumed the responsibility of notifying radio vendors and computer emergency response teams around the world about the problems, and of coordinating a timeframe for when the researchers should publicly disclose the issues."

      So, discovered in 2021 and vendors - at least those motivated - spent time prepping fixes before publication now.

      https://arstechnica.com/security/2023/07/researchers-find-deliberate-backdoor-in-police-radio-encryption-algorithm/

      1. the reluctant commentard

        Re: Spectacularly irresponsible.

        Yes, that is a *much* better article than this piece, as it also points out:

        * There are 4 encryption algorithms used, TEA1, TEA2, TEA3, and TEA4. The weakened key vulnerability only affects TEA1

        * TEA1 is for "export use only" and (as john.w has pointed out, most European forces use TEA2)

        * In 2006 an Italian manufacturer pointed out to the US embassy that TEA1 had a "less than 40 bits" key length when an initial application for an export license for TETRA equipment to Iran was turned down, suggesting this weakness was pretty well known within the industry.

        So the world does not appear to be ending (or at least not over this, anyway) but it does show why security by obscurity is generally a bad idea. But it's a pity this article didn't point out these factors, without this context this article is a bit alarming and sensationalist.

    6. Doctor Syntax Silver badge

      Re: Spectacularly irresponsible.

      "there just weren’t any exploits out there in the wild in practice…..until these guys did it."

      What makes you think that? These folks are security researchers who publish their stuff. Exploiters would just get on with it and keep shtumm.

    7. Richard 12 Silver badge

      Re: Spectacularly irresponsible.

      It is absolutely certain that well-funded criminal gangs are routinely decrypting TETRA, and have been for many years.

      It is also practically certain that several forces within the EU realised this, and that is why this investigation was funded and carried out.

      "We're pretty sure X is listening in on our TETRA" is by far the most probable reason for doing this research in 2020-2021. After all, there was a lot of other things happening around that time.

      There's no way a fishing expedition would get funded - but a "Damn well find out HTF the bad guys are doing this, so we can stop them" would.

    8. OffTropics

      Re: Spectacularly irresponsible.

      The Dutch bloke at Midnight Blue writing down the two CVEs:

      „ETSI omnes, ego non“

  5. trevorde Silver badge

    ESN to the rescue!

    Oh, wait...

    1. Thicko

      Re: ESN to the rescue!

      It rescued a lot of Home Office contractors from poverty that's for sure!

  6. StrangerHereMyself Silver badge

    Running wild

    This is what happens when you let intelligence agencies run wild. This backdoor was also possible because the encryption was kept secret (security through obscurity) and no knowledgeable person was allowed to vet it.

    We need to assess as a society what the possible damage could be if intelligence agencies are allowed to perform this kind of sabotage. Their gain of being able to listen in on some conversations leads to enormous damage to the public's trust and businesses which may be financially disadvantaged by their secrets leaking out.

    Politicians need to put a stop to this and put out clear limits on how far intelligence agencies can go.

    1. Lil Endian
      Alert

      Re: Running wild

      Politicians need to put a stop to this...

      Fat chance, politicians want back doors. If they weren't self-serving pricks they'd see this case as an example of why they shouldn't be going that route. Again, fat chance.

      It's us, the proles, that need to put a stop to politicians acting irresponsibly.

      1. Doctor Syntax Silver badge

        Re: Running wild

        The politicians only want back doors because they've been told by the security services that having a back door in communications is a Good Thing. It comes back to the security services wanting it at the expense of operational security of everyone else.

        I suspect politicians don't think any communication is secure because however technically secure their communication channels might be at least one of them will blab anyway.

  7. Gordon 10

    Meh

    Where's the SO WHAT here?

    Who cares?

    What's the exploitation use case?

    1. Ian Mason

      Re: Meh

      Well, you've certainly publicly stated your unsuitability for a career as a criminal or as a spy. Or is this just a ruse to persuade us that you aren't one of those two things?

  8. dermotw

    Dearie me..

    Perhaps I should point out that AFAIK no security service (globally) uses TEA1. There are others defined.

  9. Neal McQ

    So, 'someone' introduced a backdoor into the systems so that presumably only a government entity could monitor the traffic. This sounds very similar to the proposals to introduce 'government-only' backdoors into modern messaging systems? A good example that a backdoor will always be released publicly and the idea to have e2e encryption but a backdoor for security entities is magical thinking.

  10. john.w

    Of course the encryption is secure!

    This talks about TEA1 not TEA2 that is used by the police and emergency services in the Schengen area and Britain. The TEA1 version is used in the same way that the Enigma code was shared with 'friends' after the war.

  11. Martin an gof Silver badge

    Wut?

    affect the monitoring and control of industrial equipment, like railway switches or electrical substation circuit breakers

    I don't think TETRA is used for that kind of thing, is it?

    M.

    (oh, and in the UK they are POINTS, not SWITCHES :-)

  12. John Brown (no body) Silver badge

    Governments and access to encrypted messages

    Governments still want access to encrypted messages on social media and I doubt they will connect the dots and see that this Tetra "problem" might be related in some way to the fact that not only is encryption hard, but it's not possible to design secure encryption that can be monitored the way they want. Their "solution" will probably be to pass yet more laws making it illegal to snoop on Tetra comms instead of solving the problem.

    1. NXM Silver badge

      Re: Governments and access to encrypted messages

      "illegal to snoop on Tetra comms"

      That reminds me of emergency services comms in the UK circa the 1970's. They transmitted on unused FM frequencies, different ones for officers in the field and control. Using the gift of any FM radio you could hear one side of the conversation, presumably with another one you could hear both.

      But no-one ever did, ever, not even me (promise!) because there was a law against it.

      1. John Brown (no body) Silver badge

        Re: Governments and access to encrypted messages

        Oh, yes I remember that too, I'd forgotten. Not all FM radios, but some would tune just that little higher up the band than normal, past 108MHz. ISTR there was something just off the bottom of the band too.

        1. Martin an gof Silver badge

          Re: Governments and access to encrypted messages

          Initially (UK) only 88 - 100MHz was allocated to broadcast and police used 100MHz+

          I have definitely told this story before, but Gwent Broadcasting was one of the first stations to be allocated a frequency above 100MHz. For a while they used a tag line, "on the right side of the law".

          That station was later subsumed into Red Dragon alongside Cardiff Broadcasting, and I worked for Red Dragon & Touch Radio (as the split AM frequencies became) in the 1990s.

          Our news editor brought an old valve radio down for me to fix. It only tuned up to 100MHz, which he saw as a bonus meaning he didn't have to listen to our FM station (then on 103.2MHz) at home. Reception of our AM station was glorious on that old set.

          M.

  13. heyrick Silver badge

    This and all the WiFi flaws (like WPS)...

    ...ought to be good justifications of why infrastructure things shouldn't be secret sauce encryption designed by committee.

  14. Tron Silver badge

    Modest proposal.

    We should probably assume no digital service to be genuinely secure. One way or another, the NSA, GCHQ or other spook agencies will have effectively backdoored it. That goes for every operating system and telephony protocol. That's why they want the Chinese out - to implement backdooring to spy on their own citizens, they would expose their procedures to the Chinese companies running the hardware and apps. They will not be happy doing that.

    They probably run/access one or more or all of the VPNs too. And their primary target will always be their own citizens, not foreign nations.

    The only possible solution to this is distributed tech. That may be why GAFA have largely avoided it, not really innovating for the best part of a decade.

    1. Graham Cobb Silver badge

      Re: Modest proposal.

      We should probably assume no digital service to be genuinely secure.

      Probably true. At least for a service. And maybe for off-the-shelf commercial software.

      That goes for every operating system and telephony protocol.

      I don't think that is true. I may be hopelessly deluded, but I do think that open source software like gpg is as good as we can make it. There are bugs, of course, and some of them may even be bugs inserted by careful undercover agents to deliberately weaken the implementation. But I am optimistic that the software is pretty damn secure and that any such insertions are difficult to use and are probably reserved for the highest level targets (governments, terror groups, militaries, etc) to avoid burning them on catching mere 'criminals'.
