Digital public authority radio: New vulnerabilities in Tetra – Encryption fails

A group of researchers has identified more security loopholes in the Tetra radio standard. Even an end-to-end encryption solution enables eavesdropping attacks.

A radio on the uniform of a Swedish police officer.

(Image: Jeppe Gustafsson/Shutterstock.com)


Experts from the Dutch IT security company Midnight Blue have once again uncovered several vulnerabilities in the European radio standard Tetra (Terrestrial Trunked Radio) and its associated encryption solutions. Tetra is used in Germany and around the world primarily for digital government radio, i.e. by the police, emergency services and other blue-light organizations. Two years ago, the team had already discovered serious problems with Tetra's encryption algorithms and a backdoor that resulted from them. It has now become clear that even the optional end-to-end encryption, which is generally considered secure and is supposed to prevent eavesdropping, is easy to circumvent, at least in one implementation.

Tetra's end-to-end encryption (E2EE) solutions form an additional layer of security on top of the air-interface encryption with the TEA algorithms, some of which can be circumvented, Midnight Blue writes about Tetraburst 2. They are aimed at end users such as intelligence services and special forces. What made the researchers' work harder was that the design of Tetra E2EE is proprietary, and non-disclosure agreements prevent public scrutiny.

According to the team, it obtained a "popular" Tetra E2EE solution for radios from the manufacturer Sepura, reverse engineered it and analyzed it. The researchers presented their results on Thursday at the Black Hat conference in Las Vegas and published initial details.

According to the report, the encryption algorithm used in the Sepura device under investigation is essentially 128-bit AES. The catch: it has apparently been deliberately weakened so that the effective entropy of the encryption protecting the radio traffic is only 56 bits. Entropy here describes the average number of binary decisions, i.e. bits, that have to be got right to pin down the key, in other words the effective key length. This weakening makes the encryption comparatively easy to crack by brute force and the conversations correspondingly easy to eavesdrop on.


Other gaps identified in the encryption allow forged voice or data packets to be smuggled into the radio traffic or old messages to be replayed. This can seriously disrupt emergency services and jeopardize their work, as they depend on the accuracy of the information. The reduction in encryption strength to 56 bits was apparently made for export-control reasons and was not communicated transparently to end customers. The research findings suggest that many governments investing millions in these radio systems may not be aware of the lower security level.

Tetra was standardized by the European Telecommunications Standards Institute (ETSI) in 1995. The encryption solution in question was later developed by the Critical Communications Association (TCCA), which cooperates closely with ETSI. Brian Murgatroyd, former chairman of the ETSI technical committee responsible for Tetra, told Wired that E2EE was not included in the standard itself, as it was initially only considered important for groups with special security needs. Buyers of Tetra-based radios are free to use other solutions. However, the solution developed by the TCCA and recommended by ETSI is widely used.

The choice of algorithm and key is made between the supplier and the customer, Murgatroyd explained. ETSI has no influence on this and also does not know which program routines and key lengths are used in a given system. In principle, device manufacturers and customers "must always comply with export control regulations". Midnight Blue therefore considers "a careful risk assessment in each individual case" to be necessary. The team also demonstrated that malicious data packets can easily be injected into Tetra networks ("packet injection"). They also found critical vulnerabilities in multi-cipher networks: if different encryption methods are used, these implementations are particularly vulnerable. Even a security patch developed by ETSI is "ineffective".
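To make the 56-bit figure and the "careful risk assessment" concrete, here is an added example (not code from the article, Midnight Blue or Sepura) that models a nominal 128-bit key carrying only 56 bits of entropy, checks empirically how many key bits a generator actually moves, and turns the effective strength into the expected exhaustive-search time at an assumed attacker rate. The zero-padding construction, the one-billion-trials-per-second capability and the 112-bit policy floor (NIST's general minimum security strength) are assumptions; the page does not describe Sepura's actual weakening mechanism.

```python
import secrets

KEY_BITS = 128         # nominal AES key size named in the report
EFFECTIVE_BITS = 56    # effective entropy the researchers report for the analysed E2EE
POLICY_MIN_BITS = 112  # assumed policy floor (NIST SP 800-57 minimum security strength)


def weakened_key(entropy_bits: int = EFFECTIVE_BITS, key_bits: int = KEY_BITS) -> bytes:
    """Hypothetical weakening: only `entropy_bits` low-order bits are random, the
    rest are fixed to zero. This reproduces the *effect* described on the page
    (a 128-bit key with 56 bits of entropy), not Sepura's real construction."""
    return secrets.randbits(entropy_bits).to_bytes(key_bits // 8, "big")


def varying_bit_count(keys: list[bytes]) -> int:
    """Empirical check on a key source: how many bit positions ever differ across
    the sample. A generator that never moves 72 of its 128 bits yields at most
    56 bits of entropy, whatever the nominal key size says."""
    first = int.from_bytes(keys[0], "big")
    diff = 0
    for k in keys[1:]:
        diff |= first ^ int.from_bytes(k, "big")
    return bin(diff).count("1")


def expected_bruteforce_seconds(effective_bits: int, guesses_per_second: float) -> float:
    """Expected exhaustive-search work: on average half the key space is tried."""
    return 2 ** (effective_bits - 1) / guesses_per_second


def assess(effective_bits: int, guesses_per_second: float) -> dict:
    """Risk summary a buyer's assessment needs: expected attacker time at the
    assumed capability and whether the effective strength meets the policy floor."""
    days = expected_bruteforce_seconds(effective_bits, guesses_per_second) / 86400
    return {
        "effective_bits": effective_bits,
        "expected_days": days,
        "meets_policy": effective_bits >= POLICY_MIN_BITS,
    }


if __name__ == "__main__":
    sample = [weakened_key() for _ in range(200)]
    print("bits that vary across 200 generated keys:", varying_bit_count(sample))
    for bits in (EFFECTIVE_BITS, KEY_BITS):
        # assumed attacker capability: one billion AES key trials per second
        print(assess(bits, 1e9))
```

At the assumed rate the 56-bit space falls in about 417 days on average, while the full 128-bit space is far beyond any feasible effort; the same check applied to a real key generator reveals whether its nominal key size is the whole story.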

(vbr)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.