Interview with the ETSI Standards Organization That Created TETRA "Backdoor"

Brian Murgatroyd spoke with Kim Zetter about why his standards group weakened an encryption algorithm used to secure critical radio communications of police, military, critical infrastructure and others.

For 25 years police, military, intelligence agencies and critical infrastructure around the world have used a radio technology called TETRA for critical communications — a technology they assumed was secure. But a group of Dutch researchers recently got hold of secret algorithms used in TETRA and found it was anything but.

Most people have never heard of TETRA — which stands for Terrestrial Trunked Radio. The standard governs how radios and walkie-talkies used by the vast majority of police forces around the world, as well as many others, handle critical voice and data communications.

TETRA was developed in the 1990s by the European Telecommunications Standards Institute (ETSI) and is used in radios made by Motorola, Damm, Hytera and others. But the flaws in the standard remained unknown because the four encryption algorithms used in TETRA — known as TEA1, TEA2, TEA3, and TEA4 — were kept secret from the public. The standard itself is public, but the encryption algorithms are not. Only radio manufacturers and others who sign a strict NDA can see them.

The researchers — Carlo Meijer, Wouter Bokslag, and Jos Wetzels of the Dutch cybersecurity consultancy Midnight Blue — say that TETRA is one of the few remaining technologies in this area that still uses proprietary cryptography kept secret. Keeping the algorithms secret is bad for national security and public safety, they argue, because it prevents skilled researchers from examining the code and uncovering flaws so they can be fixed. Under the belief that keeping the algorithms secret keeps them secure — security through obscurity — actors intent on finding the vulnerabilities, such as nation-state intelligence agencies or well-resourced criminal groups, are free to exploit them unimpeded, while users remain unprotected.

The researchers were able to extract the algorithms from a Motorola radio and reverse-engineer them, which led them to discover an intentional backdoor coded into one of TETRA’s four secret encryption algorithms.

As Kim Zetter wrote in a story published by WIRED, the algorithm is used primarily by critical infrastructure to secure data and commands in pipelines, railways, and the electric grid, but it’s also used by some police agencies and military around the world. Publicly, the algorithm is advertised as using an 80-bit key, but the researches found it contained a secret feature that reduces it to a 32-bit key — allowing them to crack the key in less than a minute using a standard laptop.

The researchers are calling it a backdoor, because the reduction isn’t a glitch; the algorithm was designed this way to make it intentionally weak. ETSI says it’s not a backdoor and that the algorithm was weakened because this was the only way it could be exported and used outside of Europe. But as a result of the backdoor, malicious actors who crack the key, as the researchers did, would be able to snoop on police communications or intercept critical infrastructure communications to study how these systems work. And they could also potentially inject commands to the radios to trigger blackouts, halt gas pipeline flows, or re-route trains.

In addition to the backdoor, the researchers found another critical problem that wasn’t a weakness in the algorithms but a flaw in the underlying standard and protocol. It would allow malicious actors to not only decrypt critical radio communications of police, military and others, but also to distribute false messages to radios that could deceive or misdirect personnel in a crisis situation.

To address the issues, ETSI created three additional algorithms to replace the previous ones. They are called TEA5, TEA6, and TEA7. But these also are secret, which means no outside experts have examined them to determine if they are secure.

To understand more about this so important critcal communications technology and to understand the view of ETSI, Kim Zetter spoke with Brian Murgatroyd, chair of the technical body at ETSI responsible for developing the TETRA standard and algorithms. They talked about who was behind the decision to keep the algorithms secret, why they weakened one of the cryptographic keys, and why the group plans to keep the new algorithms it created secret as well. 

For context you might first want to read the WIRED story before reading this interview. 

TEA1 — is for commercial use and is primarily used by critical infrastructure around the world. But it’s also used by some police and military agencies outside of Europe.

TEA2 — considered a more secure algorithm is designed for use only in radios and walkie-talkies sold to police, military, intelligence agencies and emergency personnel in Europe.

TEA3 — essentially the export version of TEA2 which is for use outside of Europe by the same kinds of entities that use radios with TEA2.

TEA4 — also for commercial use but is hardly used, the researchers say.

Click here to read the interview with Brian Murgatroyd