We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
37C3 - All cops are broadcasting
Experts reveal severe vulnerabilities in Tetra encryption algorithm used in critical infrastructure, exploited by police forces and unaddressed by European authorities, highlighting urgent need for transparency and regulation.
- Tetra, a proprietary encryption algorithm used in critical infrastructure, has several security vulnerabilities, including a backdoor and weak key management.
- The algorithm is used in many countries, including Europe, and is vulnerable to keystream recovery attacks, which can be used to decrypt messages.
- The backdoor, known as TEA-1, is used by some police forces and can be exploited to inject fake messages into the system.
- The algorithm’s weakness is due to its use of a proprietary key management system, which makes it difficult to verify the integrity of the encryption.
- The European Union has been aware of these vulnerabilities for some time, but has not taken adequate action to address them.
- The Netherlands’ National Cybersecurity Center (NCSC) has been working to identify and address these vulnerabilities, but has been hindered by the lack of transparency from vendors and manufacturers.
- The use of Tetra in critical infrastructure, such as power grids and transportation systems, is a serious concern, as it could be exploited to disrupt or compromise these systems.
- The researchers behind the Midnight Blue project, a security consultancy company, have been working to identify and publicize these vulnerabilities in an effort to promote greater transparency and security in the industry.
- The researchers have discovered several vulnerabilities in the Tetra algorithm, including a meet-in-the-middle attack and a de-anonymization attack, which could be used to compromise the security of the system.
- The use of proprietary encryption algorithms, such as Tetra, is a major concern, as it can make it difficult to verify the integrity of the encryption and can create vulnerabilities that can be exploited by attackers.
- The researchers are calling for greater transparency and regulation in the industry, as well as the adoption of open standards for encryption algorithms.