Posted on 07/24/2023 12:13:31 PM PDT by Syncopated
A group of cybersecurity researchers has uncovered what they believe is an intentional backdoor in encrypted radios used by police, military, and critical infrastructure entities around the world. The backdoor may have existed for decades, potentially exposing a wealth of sensitive information transmitted across them, according to the researchers.
While the researchers frame their discovery as a backdoor, the organization responsible for maintaining the standard pushes back against that specific term, and says the standard was designed for export controls which determine the strength of encryption. The end result, however, is radios with traffic that can be decrypted using consumer hardware like an ordinary laptop in under a minute.
“There's no other way in which this can function than that this is an intentional backdoor,” Jos Wetzels, one of the researchers from cybersecurity firm Midnight Blue, told Motherboard in a phone call.
(Excerpt) Read more at vice.com ...
It’s a European standard. Hardly any US agencies use it. You will not find it on US military radios. The US may use some TETRA handsets to interoperate with allies in places where better solutions aren’t available.
I’m fairly certain our military uses AES-256 over a mesh network of SINCGARS radios
the keys for which cycle daily
not much of a ‘backdoor’ there.
The encryption was probably set when COCOM was the law. A general restriction on export of encryption over 40 bit. The Wassenaar agreement lifted most of the restrictions. The different law enforcement agencies should have requested an update to AES @ either 128 or 256 bit (what you commonly hear called military grade encryption).
The only surprise is that these agencies say on their ass for roughly 20 years.
Should read sat on their asses for the last 20 years.
“The NSA never wanted anything to go out that they couldn’t crack at will. They evidently did not care that our enemies could crack it too.”
Might explain, at least a bit, why the Neocons are getting their butts handed to them in Ukraine. Of course the main problem was their sheer arrogance, thinking that their military hardware, now only capable of fighting the Third World, could take on a superpower.
True. It makes one wonder if they have back doors to all the VPN servers too - at least the US-based ones.
~~~
I would never use a VPN without assuming that they do.
You use a VPN to (hopefully) protect your sensitive information from private interests, and perhaps even your own ISP (which is often the weakest link). If you think you’re going to foil pro spooks, you’re thinking wrong.
“Nothing in software or hardware gets put there by accident”
Having developed — and of course used — software for many decades, I can assure you that there are many things in software (and hardware) that have been shipped, and are in use, that are there by accident. They’re called bugs.
This does not mean that bad things are *never* deliberate...
‘Bugs’ I understand. Things that don’t work, or that have consequences that are not fully explored, or that are at odds with other parts of the code.
AI should, and probably will, alleviate these types of inconsistencies. Make programmers’ lives easier or just eliminate the need for them at all.
OTOH, I was talking about secret code, backdoors, eavesdropping and transmitting code that is not intended for every user to have access and allow bad people to attach themselves to your computer or financial records.