this post was submitted on 24 Jul 2023
15 points (100.0% liked)

Furry Technologists

1310 readers
1 users here now

Science, Technology, and pawbs

founded 1 year ago
MODERATORS
 

Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others.

top 3 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 1 year ago (1 children)

Funny how this came out when there's been a renewed push for backdoors in cryptography. They all seem to forget that all it'd take for an adversary to get in is for them to find the backdoor... Sadly this kind of thing is pretty common in the radio sphere - the "basic" encryption (better called 'privacy code') on DMR radios is often one of 16 or 256 different codes, and the next step up is 40-bit ARCFOUR. For AES, you have to pay through the nose for software licences, and most users won't or can't bear the costs. The only good news is the higher-tier algorithms like TEA2/TEA3 weren't vulnerable - and they're more likely the ones in use by emergency services.

[–] [email protected] 2 points 1 year ago (1 children)

@cosmo @stefenauris @bersl2 agree except that TEA2/3 weren’t vulnerable *in this particular study*. ETSI/TCCA are (foolishly, I think) sticking to their guns on the algorithms being tightly controlled. Without proper, widespread academic scrutiny there is little confidence that they are *actually* secure.

[–] [email protected] 3 points 1 year ago

@cosmo @stefenauris @bersl2 I like how the researchers in their release squarely blame the TEA1 issues on failure to adhere to Kerckhoffs's principle; but ETSI in their response completely fail to address that and adopt a “this is fine” stance.