
Radio Encryption Backdoor article


WRWH978


Interesting article:

https://www.vice.com/en/article/4a3n3j/backdoor-in-police-radios-tetra-burst

"A group of cybersecurity researchers has uncovered what they believe is an intentional backdoor in encrypted radios used by police, military, and critical infrastructure entities around the world. The backdoor may have existed for decades, potentially exposing a wealth of sensitive information transmitted across them, according to the researchers."

Secure is never totally secure, right?


There's no such thing as perfect security around the utility of a thing. The world of risk is more complicated than most people care to discuss. The term "secure" is always more accurately stated as "the known risks have been treated to an acceptable level" but that doesn't quite roll off the tongue.

Of the 4 vulnerabilities posted, the key length downgrade (CVE-2022-24402) is what folks are calling the "backdoor", which seems like an overstatement to me, unless they have information which they're not sharing. If you click to the CVE details page you'll note there's nothing there at the time I post this message.

To me the real question is why TETRA decided to implement key length downgrade in the TEA1 cipher.  Possibly it was implemented to address product hardware constraints and never removed, or maybe it was added to simplify interception.  We may never know, but hopefully those still using radios with TEA1 know they've chosen a deprecated form of communications confidentiality and can choose whether TEA1 is still "secure" based on their risk appetite.


1 hour ago, muggz said:

There's no such thing as perfect security

There never was. Advances in decryption algorithm design, number theory, etc. soon render many cryptographic techniques obsolete.

The point of most encryption in the public arena is to foil the "casual" radio monitor, i.e. those with scanners, or scanning two way radios. Making the cost, in terms of time and hardware, significantly higher than the value of the intercepted communications deters most people from bothering to try.

I have on order several ARC4 40 bit encryption licenses for my NX-1300 DMR radios. Is it secure? No, but it should be good enough to lock out the "casual" monitor when used infrequently and the key is switched on a frequent basis when it is used.

Some of my other radios, the NXDN and P25 types, can use a special digital encryption module, which requires a special cable and external hardware key loader. Those modules are expensive. They also have to meet various tests for security. See attached file.

There are also various types of analog scrambling modules. I've attached a sample for a TK-3170 radio.

Kenwood Secure Cryptographic Module.pdf Midian-TVS-2-KW2-VPU-15-KW2-Manual.pdf


2 hours ago, muggz said:

To me the real question is why TETRA decided to implement key length downgrade in the TEA1 cipher.

Very likely a screw-up by people who implemented the algorithm for particular hardware. I was at this very place some 20 years ago, working on a TEA implementation (not related to radio). I used uint instead of int in one place, and it caused a degradation of entropy. Luckily, my mistake was caught in time and never went into production.

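An added illustration (not from this thread, and not from the TETRA:BURST research) of the two points raised above: a deliberate key-length downgrade and a one-line integer-type mistake both shrink the key space that actually has to be searched, and counting the distinct derived keys over a toy key width makes that loss visible before code ships. The 16-bit key, the downgrade step and the sign-extension bug are hypothetical constructions for the demo, not TEA1's real key schedule.

```python
import math

KEY_BITS = 16          # toy key width so the whole key space can be enumerated
MASK = (1 << KEY_BITS) - 1


def effective_key_bits(derive, key_bits=KEY_BITS):
    """Enumerate every key, apply the derivation step and count how many
    distinct working keys survive. log2 of that count is the effective key
    length that would really have to be searched."""
    distinct = {derive(k) for k in range(1 << key_bits)}
    return math.log2(len(distinct))


def derive_full(key):
    """Reference: the full key is used as-is (no entropy lost)."""
    return key


def derive_downgraded(key, keep_bits=8):
    """Hypothetical key-length downgrade: only the top keep_bits of the key
    influence the working key (a constructed model of a reduced-strength
    key schedule, not TEA1's actual design)."""
    drop = KEY_BITS - keep_bits
    return (key >> drop) << drop


def mix_logical(key):
    """Intended mixing step: xorshift with a logical right shift. This is a
    bijection on 16-bit words, so every key maps to a distinct output."""
    return (key ^ (key >> 3)) & MASK


def mix_sign_extended(key):
    """Hypothetical integer-type bug: the same step, but the shift is done on
    a signed 16-bit value, so an arithmetic shift sign-extends the top bits.
    Every output now has bit 15 clear, which halves the key space."""
    signed = key - (1 << KEY_BITS) if key & (1 << (KEY_BITS - 1)) else key
    shifted = (signed >> 3) & MASK      # Python's >> on negatives is arithmetic
    return (key ^ shifted) & MASK


if __name__ == "__main__":
    for name, fn in [("full key", derive_full),
                     ("downgraded to 8 bits", derive_downgraded),
                     ("logical-shift mix", mix_logical),
                     ("sign-extended mix", mix_sign_extended)]:
        print(f"{name:>22}: {effective_key_bits(fn):.1f} effective bits")
```

A check like this belongs in a key-schedule test suite: a derivation step that is supposed to be a bijection must return the full key width, and any drop is a bug to chase down.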

I've run across mentions that it's illegal to manufacture and/or sell a device, which likely includes software, for the purpose of intercepting encrypted communications. I also ran across a number of comments on, I think it was GitHub, where a request was made to add some digital decryption features to the SDR radio software. The replies were basically no, due to potential legal issues.

There is also an interesting section in 18 US Code section 2512 which seems to say the same thing. Note the language used, "surreptitious interception", which could be interpreted as cracking encrypted communications.

https://www.law.cornell.edu/uscode/text/18/2512

I know that some SDR software will "identify" encrypted communications, maybe even which type, but will not decrypt it. That appears to be by design.

