After Critical Bug Disclosures, TETRA Emergency Comms Code Goes PublicAfter Critical Bug Disclosures, TETRA Emergency Comms Code Goes Public
After the encryption algorithm used by public safety, military, and governments globally was found to allow eavesdropping, standard maintainers are making TETRA open source.
November 14, 2023
The encryption algorithms used to secure emergency radio communications will now soon be released to the public domain, with the aim of encouraging code review and bug hunting.
The news comes after multiple vulnerabilities were found in TETRA, short for Terrestrial Trunked Radio, which is a radio voice and data standard mainly used by emergency services, such as police, fire brigade, and military, as well as in some industrial environments. The bugs were found by Midnight Blue Labs earlier this year, and the research was presented at Black Hat USA, showcasing additional zero-day vulnerabilities that could allow anyone to spy on or manipulate transmissions.
This decision to go public is a complete 180-degree turn for standard-maintainer ETSI, which originally pushed back against any claims of vulnerabilities within TETRA when they were initially found, claiming that the work to enhance the standard was already underway.
Since then, a technical committee overseeing the TETRA standard met in October to decide on making the algorithms open to the public. Ultimately, the group came to a unanimous decision to open-source all of the TETRA Air Interface cryptographic algorithms.
Brian Murgatroyd, an ESTI committee chairman, noted that the meeting was attended by a substantial amount of the TETRA community, including operators, users, manufacturers, and governments, and that "following publication of the algorithms, we are open to academic research for independent reviews."
The algorithms will enter the public domain alongside the standard's original authentication and key management specification (TAA1), and a the new authentication and key management specification, TAA2.
As yet, no date has been put in place for when the algorithms will become accessible.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report
Managed Security and the 3rd Party Cyber Risk Opportunity Whitepaper