Posted on 07/24/2023 12:13:31 PM PDT by Syncopated
A group of cybersecurity researchers has uncovered what they believe is an intentional backdoor in encrypted radios used by police, military, and critical infrastructure entities around the world. The backdoor may have existed for decades, potentially exposing a wealth of sensitive information transmitted across them, according to the researchers.
While the researchers frame their discovery as a backdoor, the organization responsible for maintaining the standard pushes back against that specific term, and says the standard was designed for export controls which determine the strength of encryption. The end result, however, are radios with traffic that can be decrypted using consumer hardware like an ordinary laptop in under a minute.
“There's no other way in which this can function than that this is an intentional backdoor,” Jos Wetzels, one of the researchers from cybersecurity firm Midnight Blue, told Motherboard in a phone call.
(Excerpt) Read more at vice.com ...
Apparently, the cryptographic keys used to secure the communications were effectively 32 bits long. You don't find 32-bit long keys anywhere, in any cryptography, at least for the past 40 years. I wouldn't say it's equivalent to using no encryption, but it's really, really bad.
At least one of the cyphers used for TETRA appear to be completely unfixable. Also, the hardware itself was used to find the exploit, so top marks there!
The backdoor has apparently been known by the vendors selling the hardware for years. I'm almost certain state-sponsored actors have been actively looking at and collecting these TETRA networks as far back as the 2000s.
It’s hilarious in a sickening, sad sort of way watching America disintegrate while very few seem to care.
Nothing in software or hardware gets put there by accident................
“There’s no other way in which this can function than that this is an intentional backdoor,” Jos Wetzels, one of the researchers from cybersecurity firm Midnight Blue, told Motherboard in a phone call.
**********************************************************
If Wetzels is correct, this fact should make the marketing manufacturer guilty of fraud.
The NSA never wanted anything to go out that they couldn’t crack at will.
They evidently did not care that our enemies could crack it too.
It’s hilarious in a sickening, sad sort of way watching America disintegrate while very few seem to care.
this Regime is going to collapse in on itself, like the USSR in the late 1980’s.
The “diversity agenda” to hire the incompetent from favoured groups is just an accelerant.
If you want to see a good movie about how things were in the dying days of the Soviet Union, watch the movie "Tetris". Everybody knew the end was coming, they were just trying to get whatever they could out of it.
>>the organization responsible for maintaining the standard pushes back against that specific term, and says the standard was designed for export controls which determine the strength of encryption.
This I believe. It used to be illegal to travel wearing a t-shirt with the RSA algorithm printed on it, since the source code was classified as a munition.
They evidently did not care that our enemies could crack it too.
~~~
The people who put in backdoors hope that no one ever finds out about them, and they usually protect them so that even if they did, it wouldn’t be easy to exploit. But they are obviously most secure if you don’t even know they are there.
The problem is, Asian manufacturers are notorious for reverse engineering all their competition’s product. They want to know everything does.
However, the people here mentioning the NSA are probably on to something. From what I have heard, they don’t like anyone locking them out. So if they made a deal with the manufacturer of the product with the back door to include it, I wouldn’t be surprised if this story ends up going no where
Everybody knew the end was coming, they were just trying to get whatever they could out of it.
When you look at the massive unsustainable US debt borrowing and spending, it looks the same. Looting before the collapse.
Reminiscent of the Dead Man Mocking scenario.
Who do you think is behind all of those "let us store your passwords" websites?
You can find some small solace in knowing this is mostly a European problem. US police departments and the military utilize a hodgepodge of standards, mostly because TETRA was prohibited by law until 2009.
TETRA is only found, as far as I know, in New York’s MTA buses, Texas (Houston’s buses, Austin, Galveston, San Antonio and its exurbs), Pennsylvania (Philly, of course), California (LAX only), Indiana (Gary), and I don’t know where else. It’s not popular because it’s not cheaper than doing what you’ve always done to buy new gear for a small improvement in performance.
Relevant to TETRAcom encryption, not the more often used P25 encryption. My local cop shop turned on encryption a few years ago “just because they could”. Pisses me off, we pay their salaries, unless it is sensitive we should be able to hear their radio transmissions.
Pisses me off, we pay their salaries, unless it is sensitive we should be able to hear their radio transmissions.
~~~
Bad guys buy scanners.
Even then, I probably still would have agreed with you.
But in the last 5-10 years, people intentionally target police. I no longer blame them for wanting secure radio.
Perhaps if this goes on in the next 5-10 years the 'good' people will be forced to as well.
Same happened in the last decades of Rome.
“However, the people here mentioning the NSA are probably on to something. From what I have heard, they don’t like anyone locking them out.”
True. It makes one wonder if they have back doors to all the VPN servers too - at least the US-based ones.
thank you...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.