Sensitive Police, First Responder Communications Tech Used Flimsy Encryption And Suffered From Numerous Vulnerabilities For Years

Transparency is good, actually.

For decades numerous sensitive infrastructure, military, and first responder systems in Europe and the U.S. have utilized a radio standard dubbed TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera,and other major vendors. For 25 years secrecy surrounding the encryption algorithms used in TETRA kept researchers from taking a closer look at the technology... until now.

And what they found... wasn't great. Researchers found that the encryption algorithm baked into radios sold for commercial use in critical infrastructure contained five major vulnerabilities and a backdoor" (more akin to an open front door) that vendors apparently knew about, but many customers weren't aware of.

The vulnerabilities were technically found by independent researchers in 2021, but weren't revealed until vendors could develop patches. But given an ongoing lack of transparency, whether those updates have been implemented and what hardware is impacted isn't broadly understood:

Carlo Meijer, Wouter Bokslag, and Jos Wetzels ofMidnight Bluein the Netherlands discovered the TETRA vulnerabilities-which they're callingTETRA:Burst-in 2021 but agreed not to disclose them publicly until radio manufacturers could create patches and mitigations. Not all of the issues can be fixed with a patch, however, and it's not clear which manufacturers have prepared them for customers. Motorola-one of the largest radio vendors-didn't respond to repeated inquiries from WIRED.

TETRA Is primarily used in Europe in police, military, first responder, infrastructure, and other key communications. While less common in the U.S., Kim Zetter at Wired worked with the researchers to discover the standard was in use across a number of sensitive industries and agencies here in the States as well:

Mathis helped WIRED identify several electric utilities, a state border control agency, an oil refinery, chemical plants, a major mass transit system on the East Coast, three international airports that use them for communications among security and ground crew personnel, and a US Army training base.

The TETRA standard itself is easily reviewable, but the platform's encryption algorithms are only made available to trusted parties that sign an NDA. To find the vulnerabilities, researchers purchased an off-the-shelf Motorola MTM5400 radio, dug into the radio's firmware over four months, then used several zero-day exploits to defeat the Motorola-implemented protections.

Wired goes on to note that while the standard is still widely in use, the Snowden files contain information suggesting the NSA and GCHQ knew about and potentially exploited these vulnerabilities as early as 2007.