This talk will present the first public disclosure and security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio used globally by government agencies, police, prisons, emergency services and military operators. Additionally, TETRA is widely deployed in industrial environments such as factory campuses, harbor container terminals and airports, as well as in critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation, and electric and water utilities.
Authentication and encryption within TETRA are handled by proprietary cryptographic cipher-suites, which until now have remained secret for over two decades through restrictive NDAs. This secrecy thwarts public security assessments and independent academic scrutiny of the protection that TETRA claims to provide.
We will show how this security-through-obscurity has led to several flaws – which we dubbed TETRA:BURST (tetraburst.com) – in the encryption, authentication, and identity protection schemes going unnoticed and unaddressed, enabling practical attacks for both passive and active adversaries and violating the confidentiality, authenticity, and integrity properties of signalling, voice, and data traffic.
Alarmingly, one of the uncovered issues concerns an intentionally and surreptitiously weakened stream cipher (crackable in minutes on commodity hardware by a passive adversary), which continues to be deployed globally by critical infrastructure operators as well as certain government agencies. In addition, we uncovered a practical attack scenario enabling active adversaries to intercept and manipulate traffic regardless of the stream cipher employed and an attack enabling passive adversaries to deanonymize and track law enforcement & military operators.
Furthermore, we will discuss the journey that enabled us to recover the proprietary cryptographic primitives (without having to sign any NDAs) and practically confirm our attack scenarios. This involved exploiting multiple zero-day vulnerabilities in the highly popular Motorola MTM5x00 TETRA radio and its TI OMAP-L138 trusted execution environment (TEE) as well as gaining code execution on and instrumenting a Motorola MBTS base station for research purposes.
This talk will include a demonstration of TETRA radio interception capabilities as well as discuss the potential impact of the uncovered vulnerabilities for different asset owners and outline corresponding mitigations.
Jos Wetzels is a co-founding partner and security researcher at Midnight Blue. His research has involved reverse-engineering, vulnerability research and exploit development across various domains ranging from industrial and automotive systems to IoT, networking equipment and deeply embedded SoCs. He has uncovered critical zero-day vulnerabilities in dozens of embedded TCP/IP stacks, Industrial Control Systems (ICS), and RTOSes. He previously worked as a researcher at the Distributed and Embedded Security Group (DIES) at the University of Twente (UT) in the Netherlands where he developed exploit mitigation solutions for constrained embedded devices deployed in critical infrastructure, performed security analyses of state-of-the-art network and host-based intrusion detection systems and has been involved in research projects regarding on-the-fly detection and containment of unknown malware and APTs.
Carlo Meijer is a co-founding partner and security researcher at Midnight Blue. His research focuses on the analysis of cryptographic systems deployed in the wild. He is known for his work on the security of so-called Self-Encrypting Drives (SEDs). Furthermore, he is known for breaking a hardened variant of Crypto1, the cipher used in the Mifare Classic family of cryptographic RFID tags. Finally, he co-authored research into default passwords in consumer routers as deployed by ISPs in the Netherlands. He is a PhD researcher and systems security lecturer at Radboud University (RU) in the Netherlands.
Wouter Bokslag is a co-founding partner and security researcher at Midnight Blue. He is known for the reverse-engineering and cryptanalysis of several proprietary in-vehicle immobilizer authentication ciphers used by major automotive manufacturers as well as co-developing the world’s fastest public attack against the Hitag2 cipher. He holds a Master’s Degree in Computer Science & Engineering from Eindhoven University of Technology (TU/e) and designed and assisted in teaching hands-on offensive security classes for graduate students at the Dutch Kerckhoffs Institute for several years.