I don't know whether the backdoor allegation is correct, but unfortunately we should treat opaque ostensible security with skepticism.
By their nature, such things often can be used for our protection at the same time they are secretly used against us.
"under the guise of protecting trade secrets and swear words in the code, the code encryption actually protects crappy code stuffed with vulnerabilities (i.e. future entry points available to the right friends and foes) and backdoors (some forgotten and some very much not)". And in this case "future" was a while ago.
Obviously you can debate whether having it 'appear' secure for longer before someone publishes details of the flaw is more important or not...
What do you mean lasted? If it is an intentional backdoor, it was vulnerable (to those who knew the backdoor) from day 1, so it was never secure let alone 30 years.
We don't know how many intelligence agencies have found some of these and are happily listening in on "secure" communication, concealing that fact successfully.
I know some group had it pwned at least 2010-ish. But won't elaborate.
And I'm sure they weren't the first, nor the only ones.
Main goal of security through obscurity is the hindrance. Make it slower and harder to detect possible vulnerabilities.
So indeed, there is something to debate.
But I guess it helps only against those with limited resources, not against nation states.
For example, hiding the fact that your data is encrypted with AES doesn’t make an attacker any more likely to be able to break AES. Similarly, hiding the fact that you use a weak encryption algorithm doesn’t keep an attacker from breaking it.
> KZ (interviewer): How did it go about meeting those requirements, because that's the one they're saying has a backdoor in it. Was that the condition for export?
> BM (ETSI): Backdoor can mean a couple of things I think. Something like you'd stop the random number generator being random, for instance. [But] what I think was revealed [by the researchers] was that TEA1 has reduced key-entropy. So is that a backdoor? I don't know. I'm not sure it's what I would describe as a backdoor, nor would the TETRA community I think.
...
> KZ: People ... believe they're getting an 80-bit key and they're not.
> BM: Well it is an 80-bit long key. [But] if it had 80 bits of entropy, it wouldn't be exportable.
...
> KZ: You're saying 25 years ago 32 bit would have been secure?
> BM: I think so. I can only assume. Because the people who designed this algorithm didn't confer with what was then EP-TETRA [ETSI Project-TETRA is the name of the working group that oversaw the development of the TETRA standard]. We were just given those algorithms. And the algorithms were designed with some assistance from some government authorities, let me put it that way.
...
> BM: That's what we now know yeah - that it did have a reduced key length.
> KZ: What do you mean we now know? SAGE created this algorithm but the Project-TETRA people did not know it had a reduced key?
> BM: That's correct. Not before it was delivered. Once the software had been delivered to them under the confidential understanding, that's the time at which they [would have known].
...
You've really got to wonder who at ETSI gave the thumbs up on doing this interview.
0 - https://www.zetter-zeroday.com/p/interview-with-the-etsi-sta...
> The Midnight Blue researchers have since demonstrated real-life exploitations of some of the vulnerabilities, for example at the 2023 Blackhat Conference in Las Vegas (USA). They have shown that TETRA communications secured with the TEA1 encryption algorithm can be broken in one minute on a regular commercial laptop and in 12 hours on a classic laptop from 1998 [III].
In 1998, the EFF built a custom DES Cracker[0] for around $250k that could crack a 56-bit DES message in around 1 week. As was the custom at the time, they published the source code, schematics, and VHDL source in a printed book to evade (and, I guess, mock) export restrictions.
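The interview excerpt above (an 80-bit long key that does not carry 80 bits of entropy) and the EFF DES Cracker figures in this comment are two sides of the same arithmetic. The following is an added example, not code from any commenter, from ETSI, or from the Midnight Blue research: it uses a constructed key-reduction step (a SHA-256 truncation, purely a hypothetical stand-in, not the real TEA1 key schedule, whose internals are not on this page) to show how a nominal 80-bit key can be measured to have far fewer effective bits, and then scales the page's "56 bits in about one week" figure to other effective key sizes.

```python
import hashlib
import math
import random
from collections import Counter

NOMINAL_KEY_BITS = 80  # the key length TEA1 users believe they get


def reduce_key(key: bytes, effective_bits: int) -> int:
    """Collapse a nominal 80-bit key onto `effective_bits` of internal state.

    Constructed stand-in for "a key schedule that throws entropy away".
    It is NOT the real TEA1 schedule; it only models the effect described
    in the interview (long key, small effective key space).
    """
    if len(key) * 8 != NOMINAL_KEY_BITS:
        raise ValueError("expected an 80-bit key")
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest, "big") & ((1 << effective_bits) - 1)


def sample_reduced_keys(effective_bits: int, samples: int, seed: int = 1) -> list:
    """Push `samples` random 80-bit keys through the reduction and return the
    internal keys that come out. With genuine 80-bit entropy, collisions among
    a few hundred thousand samples would be astronomically unlikely; with a
    leaky schedule the distinct values saturate at 2**effective_bits."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    out = []
    for _ in range(samples):
        key = rng.getrandbits(NOMINAL_KEY_BITS).to_bytes(NOMINAL_KEY_BITS // 8, "big")
        out.append(reduce_key(key, effective_bits))
    return out


def entropy_bits(values) -> float:
    """Shannon entropy, in bits, of an iterable of observed values."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scaled_search_seconds(known_bits: int, known_seconds: float, target_bits: int) -> float:
    """Scale a known exhaustive-search time to a different effective key size.
    Every bit removed from the effective key halves the work (and vice versa)."""
    return known_seconds * 2.0 ** (target_bits - known_bits)


if __name__ == "__main__":
    # Toy: 80-bit keys that really only carry 16 bits of effective entropy.
    reduced = sample_reduced_keys(effective_bits=16, samples=200_000)
    distinct = len(set(reduced))
    print(f"nominal key bits : {NOMINAL_KEY_BITS}")
    print(f"distinct internal keys from 200k samples: {distinct} (cap is 2^16 = 65536)")
    print(f"measured entropy : {entropy_bits(reduced):.2f} bits")

    # Page figures: the 1998 EFF DES Cracker did 2^56 keys in about one week.
    week = 7 * 86400.0
    print(f"same hardware, 32-bit effective key: {scaled_search_seconds(56, week, 32):.3f} s")
    years = scaled_search_seconds(56, week, 80) / (365.25 * 86400)
    print(f"same hardware, true 80-bit key    : {years:,.0f} years")
```

The point the run makes: the measured entropy and the distinct-key count never exceed the effective size no matter how long the nominal key is, and the brute-force cost follows the effective size, which is why a 32-bit effective key that 1998 hardware could exhaust in a fraction of a second is the figure that matters, not the 80 bits on the label.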
The weaker cipher mode, TEA1, is used when selling the radios to anyone who may not necessarily be an ally or highly trusted. This is the legacy of strong crypto being export-controlled.
It was public that these ciphers were weaker, but they were actually much weaker than advertised. This is the backdoor.
It's essentially a surreptitious version of what the US did in the 1990s with "export ciphers".
https://www.rcrwireless.com/19980309/archived-articles/dolph...
https://web.archive.org/web/20230213001335/https://github.co...
Nobody is surprised these protocols have been broken, it should not be a surprise, and having some kind of panic reaction should be considered either a charade or a case of abysmal management.
Interesting discussion about responsible disclosure. It seems a strange belief that you can tell all the radio operators about the vulnerability without also telling exploiters. Aren't they often one and the same? What's a reasonable approach here?
I suspect that there was an update (or replacement) to the radios that was generally described as an ordinary update / maintenance.
Should the vendor be allowed to continue to sell models they know are compromised while their competition loses those contracts? Shouldn't there be some consequence for such fraud?
> The Dutch NCSC (NCSC-NL) was informed in December 2021, after which meetings were held with the law enforcement and intelligence communities, as well as with ETSI and the vendors. Shortly afterwards, on 2 February 2022, preliminary advice was distributed to the various stakeholders and CERTs. The remainder of 2022 and the first half of 2023 were used for coordination and advisory sessions with stakeholders, allowing manufacturers to come up with firmware patches, updates or workarounds.
This reads to me as if malicious parties were notified some 18 months before users were notified.
It's kind of like saying...
Vendor: "We support up to 1 zillion bit encryption!"
User: "What's the default out of the box?"
Vendor: "10 bit"
This is IMHO a very unfair TL;DR. The news is that the researchers claim that there is a deliberate backdoor, which ETSI denies. If it is true, there cannot be any further trust in other proprietary parts as well.
Which alone implies that the Tetra crypto security theatre is well known in that industry, and isn't a surprise to vendors in the slightest.
The lack of any large allocation for this kind of radio is a big part of why US first responders are stuck with P.25, which is narrowband FM. If there were a wide-enough band in which it could be used, a lot of first responders would have bought TETRA radios a long time ago. P.25 is easy to jam by brute-force power output, and trivial if you directly attack the error correction bits. TETRA and FHSS have a much much larger ratio of attacker transmit power to victim transmit power.
https://en.wikipedia.org/wiki/Project_25#Jamming_vulnerabili...
(FWIW, P.25 is an even worse dumpster-fire than TETRA...)
Everybody plays the espionage game, Europe really is no exception, they just like to use the US to keep their hands (mostly) clean.