ETSI Dismisses Claims of 'Backdoor' Vulnerabilities in TETRA Standard

Nonetheless, European standards body revised the wireless standard and insists its integrity remains sound.

ETSI is pushing back against claims of major vulnerabilities in its Terrestrial Trunked Radio (TETRA) standard and said work had already begun working on enhancing the standard before researchers revealed a series of vulnerabilities

In a statement, the European Telecommunications Standards Institute (ETSI) also said there is an ongoing maintenance program to ensure standards remain sound in an evolving security landscape.

This led to revised standards for TETRA being released in October 2022. "To adapt to technology innovations and potential cybersecurity attacks, including from quantum computers, the ETSI technical committee TCCE has completed work on new algorithms designed to secure TETRA networks," the standards body said in a statement. Two new specifications, ETSI TS 100 392-7 and ETSI TS 100 396-6, were developed by TCCE with experts from ETSI's quantum safe cryptography group.

Researchers from Midnight Blue this week disclosed a series of backdoor vulnerabilities in TETRA that allow communications to be intercepted and monitored by reducing 80-bit keys to a more breakable 32 bits. They will discuss their findings in greater detail in a talk at Black Hat USA next month.

Where Is the Backdoor?

Midnight Blue founding partner Wouter Bokslag says the term backdoor in CVE-2022-24402 was justified and believes there are lots of different parties affected by this backdoor.

For its part, ETSI dismissed this claim and said it doesn't constitute a backdoor. Bokslag countered with Wikipedia's definition: a covert method of bypassing normal authentication or encryption. Intentional weakening without informing the public seems like the definition of a backdoor, he adds.

"ETSI's issue with the term backdoor supposedly follows from the requirement that a backdoor must constitute a covert method, as opposed to something that is publicly known. They state that, since it has been subject to export control regulations, TEA1 is not covertly weakened," Bokslag says. "We reject this position, since TEA1, just like its counterparts, uses 80-bit keys and is, to the best of our knowledge, never advertised as providing weaker security guarantees."

Bokslag says that there is no reason ETSI would be aware of exploitations in the wild, unless customers contacted ETSI after detecting anomalies in their network traffic. "Assuming this pertains to TEA1, since it can be passively intercepted and decrypted, there is no detectable interference, and ETSI not knowing any concrete cases seems like a bit of a meaningless statement."

ETSI praised the researcher's determination of the overall strength of the TETRA standard, and that they found no weaknesses in the TEA2 and TEA3 algorithms following extensive analysis.

ETSI also acknowledged that there are some general areas for improvement in the TETRA protocol, as well as weaknesses in the TEA1 algorithm. It claimed the revised standards released last October mitigate the potential to discover the identities of mobile radio terminals which are using TEA versions 5, 6, and 7.

ETSI and TCCA said they aren't currently aware of any exploitations on operational networks, and they continue to invest in and develop the TETRA standard so that it remains safe and resilient for the public safety, critical infrastructure, and enterprise organizations that rely on it.