A cluster of five vulnerabilities (CVEs 2023-24400 through to 24404, dubbed TETRA:BURST) has been discovered in the encryption mechanisms for the TETRA radio comms standard.
TETRA radios are used worldwide; most of us military techie-types are familiar with them. TETRA also has industrial control system/SCADA applications though, which is rather concerning for public safety.
The encryption algorithms have been kept secret by the ETSI standards organisation; however, researchers from Midnight Blue got hold of them and will be presenting their findings in full (and publishing the algorithms!) starting at next month's Black Hat conference in Las Vegas. You can find more information on their research into these vulnerabilities at the Midnight Blue website: https://lnkd.in/evM-eBPt
Of particular interest is CVE-2023-24402, as it transpires that the TEA1 encryption algorithm had a backdoor deliberately implanted which reduces the advertised 80-bit key to just 32 bits. This was apparently so that ETSI could sell the product outside of Europe.
The TEA1 algorithm is primarily used in commercial applications, but is also used for critical national infrastructure, plus several non-European police and military organisations use it for, ahem, "secure" comms.
The vulnerabilities have apparently been resolved by the TEA5, 6 and 7 algorithms, but as ETSI maintain their "non-disclosure" posture, no independent verification of the security of these algorithms has been conducted.
Following on from her article in Wired (https://lnkd.in/eZcxYEMz), the ever-meticulous Kim Zetter has published her full interview with ETSI representative Brian Murgatroyd on Substack:
https://lnkd.in/egiB4F9T
Brian inexplicably defends ETSI's continued stance on hiding their algorithms behind non-disclosure agreements by declaring that "obscurity is a form of security". Frankly, that is an APPALLING attitude to have in 2023, and will likely discourage trust in TETRA as a secure comms product.
#encryption #cve #vulnerabilitymanagement #tetra #blackhat2023