Security News > 2023 > July > Hacking police radios: 30-year-old crypto flaws in the spotlight
Secondly, the underlying encryption algorithms are proprietary, guarded as trade secrets under strict non-disclosure agreements, so it simply hasn't had the levels of global, objective mathematical scrutiny that unpatented, open source encryption systems have.
Simply put, if you need to keep the algorithm secret, as well as the decryption key for each message, you're in deep trouble, because your enemies will ultimately, and inevitably, get hold of that algorithm.
Unlike decryption keys, which can be changed at will, the algorithm only needs to be revealed once.
This means you can't work out the keys to unscramble old data, even if you've already intercepted it, or predict the keys for future data so you can snoop on it in real time.
TETRA apparently does its key setup based on timestamps transmitted by the base station, so a properly programmed base station should never repeat previous encryption keys.
CVE-2022-24402 covers a deliberate security downgrade trick that can be triggered in TETRA devices using the commercial-level encryption code.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-19 | CVE-2022-24402 | Improper Restriction of Excessive Authentication Attempts vulnerability in Midnightblue Tetra:Burst The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks. | 7.5 |