A team of cybersecurity researchers has uncovered what they believe is a deliberate backdoor in encrypted radios used by police, military and critical infrastructure around the world. According to the researchers, the backdoor could have existed for decades, exposing a large amount of sensitive data passed over those radios. From one report: While the researchers framed their findings as a backdoor, the organization responsible for maintaining the standard pushed back on that particular term, saying the standard was designed for export controls that determine the strength of encryption. The end result, however, is radios with traffic that can be decrypted in less than a minute using consumer hardware like an ordinary laptop. “There’s no other way this could work,” Jos Wetzels, one of the researchers at cybersecurity firm Midnight Blue, told Motherboard in a phone call.
The study is the first public and in-depth analysis of the Terrestrial Trunked Radio (TETRA) standard in the more than 20 years it has existed. Not all users of TETRA-enabled radios use TEA1, the specific encryption algorithm that is vulnerable to the backdoor. TEA1 is part of the TETRA standard approved for export to other countries. But the researchers found several other vulnerabilities in TETRA that could allow decryption and spoofing of historical communications. TETRA radio users generally include national police forces and emergency services in Europe; military organizations in Africa; train operators in North America; and critical infrastructure providers elsewhere.