Hacking Police Radios: 30-Year-Old Crypto Flaws in the Spotlight
A Wake-Up Call for Outdated Encryption
In recent news, researchers at the boutique Dutch cybersecurity consultancy, Midnight Blue, have uncovered serious vulnerabilities in the encryption used by the Terrestrial Trunked Radio (TETRA) system, commonly used by law enforcement, emergency services, and some commercial organizations. The TETRA system, which was standardized in 1995, still relies on encryption algorithms that are no longer considered secure in today’s cryptographic landscape.
The Legacy of Weak Crypto
Back in 1995, when the TETRA encryption was standardized, cryptographic tools such as the Data Encryption Standard (DES), RC4 cipher, and MD5 message digest algorithm were still in widespread use. However, all of these algorithms have since been proven to be flawed, leaving encrypted communications vulnerable to attacks.
DES, with its 56-bit keys, became weak once modern computers were capable of brute-forcing the key of an intercepted message. RC4, a stream cipher whose output is supposed to be indistinguishable from random, was found to have significant imperfections that allowed attackers to retrieve plaintext information. MD5, which generates a message digest for files, was found to allow different files to share the same fingerprint, making it unreliable for detecting tampering.
While modern cryptographic algorithms, such as AES, SHA-256, and ChaCha20, have been subjected to extensive analysis and improvement over the years, TETRA’s encryption remained largely unexamined due to its proprietary nature and strict non-disclosure agreements (NDAs). The researchers behind the TETRA:BURST vulnerabilities, taking inspiration from Kerckhoffs’s Principle, which advocates for transparency in cryptographic systems, legally acquired TETRA devices and discovered five vulnerabilities, which have been assigned CVE numbers.
Why NDAs and Closed Algorithms Are Problematic
The reliance on NDAs and closed algorithms to protect cryptographic systems is fundamentally flawed. NDAs do not prevent vulnerabilities from being found by malicious actors or leaked by insiders. Eventually, someone will see the algorithm and be free to disclose it.
By contrast, open cryptographic systems undergo rigorous analysis, community scrutiny, and improvement over time. The public nature of open systems ensures a collective intelligence in finding and fixing vulnerabilities. Closed systems, on the other hand, limit collaboration and leave vulnerabilities undiscovered.
Implications and Recommendations
The discovery of vulnerabilities in the TETRA system raises important concerns about the outdated encryption used in critical communication systems. To ensure the security of our communications, we must learn from these findings and adopt best practices.
Follow Kerckhoffs’s Principle
Kerckhoffs’s Principle emphasizes the importance of relying on the strength of the algorithm rather than keeping it hidden. Cryptographic systems should be designed to withstand public scrutiny, with only the keys, not the encryption algorithm, kept secret.
Trust Verified Algorithms
It is crucial to use algorithms that have undergone extensive analysis and improvement by the cryptographic community. Algorithms such as AES, SHA-256, and ChaCha20 have withstood public scrutiny and are widely regarded as secure.
Verify Data Authenticity
Encryption protocols should include mechanisms to ensure the authenticity and integrity of transmitted data. TETRA’s vulnerability, CVE-2022-24401, highlights the importance of preventing tampering and ensuring that encryption keys are not reused.
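The two properties named above, integrity protection and never repeating a keystream, can be shown in general form. This is an added example, not code from the original article, and it does not model TETRA's algorithms: the toy SHA-256 counter keystream, the `Channel` class, the function names and the sample messages are all constructed for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream (SHA-256 in counter mode); stands in for any stream cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Encrypt and decrypt are the same XOR operation.
    return xor(data, keystream(key, nonce, len(data)))

class Channel:
    """Encrypt-then-MAC with separate keys; the sender refuses nonce reuse."""
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.sent = set()

    def seal(self, nonce: bytes, plaintext: bytes):
        if nonce in self.sent:
            raise ValueError("nonce reuse would repeat the keystream")
        self.sent.add(nonce)
        ct = crypt(self.enc_key, nonce, plaintext)
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce, ct, tag

    def open(self, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
        want = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise ValueError("authentication failed")
        return crypt(self.enc_key, nonce, ct)

# Constructed sample data.
KEY, MAC_KEY, NONCE = b"k" * 32, b"m" * 32, b"\x00" * 12
P1, P2 = b"UNIT 12 HOLD POSITION", b"UNIT 47 MOVE TO NORTH"

def reuse_leaks_xor() -> bool:
    # Same key and nonce: the keystream cancels, leaving P1 XOR P2.
    return xor(crypt(KEY, NONCE, P1), crypt(KEY, NONCE, P2)) == xor(P1, P2)

def unauthenticated_edit() -> bytes:
    # Without a MAC, XORing a difference into the ciphertext edits the plaintext.
    ct = xor(crypt(KEY, NONCE, P1), xor(P1, b"UNIT 12 QUIT POSITION"))
    return crypt(KEY, NONCE, ct)
```

In a real system an audited authenticated cipher such as AES-GCM or ChaCha20-Poly1305 takes the place of the toy keystream and the hand-built MAC.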
Avoid Intentional Weaknesses
Cryptographic systems must not include intentional weaknesses or backdoors that could be exploited by attackers. The deliberate downgrade trick mentioned in CVE-2022-24402 serves as a reminder that weakened encryption can lead to compromised security.
Conclusion
The discovery of vulnerabilities in the TETRA encryption serves as a wake-up call for the need to update and strengthen the encryption used in critical communication systems. By adhering to best practices, such as relying on trusted algorithms, maintaining data authenticity, and avoiding intentional weaknesses, we can significantly improve the security of our communications. It is essential that law enforcement agencies and organizations using the TETRA system act promptly to address these vulnerabilities and ensure the safety of their operations.
As technology advances and cyber threats evolve, it is imperative to regularly assess and update encryption systems to safeguard our communications from determined adversaries. By embracing transparency and collaboration, we can build stronger cryptographic systems that withstand the test of time.