Apparently, the cryptographic keys used to secure the communications were effectively 32 bits long. You don't find 32-bit long keys anywhere, in any cryptography, at least for the past 40 years. I wouldn't say it's equivalent to using no encryption, but it's really, really bad.
At least one of the cyphers used for TETRA appear to be completely unfixable. Also, the hardware itself was used to find the exploit, so top marks there!
The backdoor has apparently been known by the vendors selling the hardware for years. I'm almost certain state-sponsored actors have been actively looking at and collecting these TETRA networks as far back as the 2000s.
It’s hilarious in a sickening, sad sort of way watching America disintegrate while very few seem to care.
Nothing in software or hardware gets put there by accident................
“There’s no other way in which this can function than that this is an intentional backdoor,” Jos Wetzels, one of the researchers from cybersecurity firm Midnight Blue, told Motherboard in a phone call.
**********************************************************
If Wetzels is correct, this fact should make the marketing manufacturer guilty of fraud.
The NSA never wanted anything to go out that they couldn’t crack at will.
They evidently did not care that our enemies could crack it too.
Reminiscent of the Dead Man Mocking scenario.
Relevant to TETRAcom encryption, not the more often used P25 encryption. My local cop shop turned on encryption a few years ago “just because they could”. Pisses me off, we pay their salaries, unless it is sensitive we should be able to hear their radio transmissions.
i’m fairly certain our military uses AES-256 over a mesh network of SINCGARS radios
the keys for which cycle daily
not much of a ‘backdoor’ there.
The encryption was probably set when COCOM was the law. A general restriction on export of encryption over 40 bit. The Wasanar agreement lifted most of the restrictions. The different law enforcement agencies should have requested an update to AES @ either 128 or 256 bit (what you commonly hear called military grade encryption.
The only surprise is that these agencies say on their ass for roughly 20 years.