Pointed out that there was an intentional backdoor lurking in the encrypted wireless standard used by police and military around the world

A cybersecurity group has pointed out that there is an intentional backdoor in TETRA, an encrypted wireless standard used by police, military, and critical infrastructure organizations around the world. The backdoor may have existed for decades, according to researchers, through which various sensitive information could have leaked.

Researchers Find 'Backdoor' in Encrypted Police and Military Radios
https://www.vice.com/en/article/4a3n3j/backdoor-in-police-radios-tetra-burst

European national police and emergency services, African military organizations, North American train operators, Japanese airport radio services , and other regional critical infrastructure providers have been using the encrypted wireless standard TETRA for over 20 years. However, it became clear that TETRA has a backdoor called 'TEA1'. However, not all TETRA-adopted radio users are affected by this backdoor, and it seems that it is a backdoor that exists only in some of the TETRA standards that are approved for export to other countries.

The research group of security company Midnight Blue discovered TEA1. Details of TEA1 will be announced at Black Hat USA 2023, a security-related conference scheduled to be held in August 2023.

Redacted Telecom Talk - Black Hat USA 2023 | Briefings Schedule
https://www.blackhat.com/us-23/briefings/schedule/index.html#redacted-telecom-talk-31807

TEA1's details are kept under tight control, due to an unusually long disclosure process, explains Midnight Blue's Joss Wetzels. According to Wetzels, the research team has been informing relevant parties of the existence of TEA1 for more than a year and a half and encouraging corrections, including the first meeting with the Dutch police in January 2022 and a meeting with intelligence agencies held at the end of the month. The Midnight Blue study is funded by the NLnet Foundation .

TETRA, an encrypted radio standard released in 1995 by the European Telecommunications Standards Institute (ETSI), a standards body, relies on proprietary encryption methods rather than open source. Therefore, it seems very difficult for external experts to verify 'how safe' TETRA is.

Therefore, the research team explains that they used the Internet auction site eBay to purchase a radio that uses TETRA and access the encryption component. According to Wetzels, the signal processor of the TETRA-adopted radio (a chip equivalent to a Wi-Fi or 3G chip that processes radio signals) seems to hold the encryption key in a secure enclave, but the research team has discovered vulnerabilities that allow it to be extracted and analyzed.

Midnight Blue eventually reverse-engineered TETRA's encryption mechanism, apart from TEA1, `` CVE-2022-24401 '' `` CVE-2022-24402 '' `` CVE-2022-24404 '' `` CVE-2022-24403 '' `` CVE-2022-24400 '' Discover five vulnerabilities. These five vulnerabilities are collectively called 'TETRA:BURST'.

TETRA:BURST | Midnight Blue
https://tetraburst.com/

ETSI, the organization that formulates TETRA, has objected to the indication that ``TEA1 is a backdoor,'' and claims that TEA1 is ``a specification intentionally designed to circumvent export restrictions on TETRA's encryption strength.'' However, by using this backdoor, it is possible to decrypt the encrypted radio in less than a minute using a general laptop and consumer hardware. In addition, Midnight Blue said, ``It's a simple type of attack that completely destroys the algorithm, which means that the attacker can passively decrypt everything in near real time.And when you intercept the radio, there is no interference, so you can't even detect that you're intercepting,'' he said, pointing out that the backdoor is pretty malicious.

Wetzels said, 'There is a high possibility that someone discovered this backdoor earlier.'