Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific

ETSI Dismisses Claims of 'Backdoor' Vulnerabilities in TETRA Standard

Nonetheless, European standards body revised the wireless standard and insists its integrity remains sound.

Keyboard with a reject key
Source: Prostock-studio via Alamy Stock Photo

ETSI is pushing back against claims of major vulnerabilities in its Terrestrial Trunked Radio (TETRA) standard and said work had already begun working on enhancing the standard before researchers revealed a series of vulnerabilities

In a statement, the European Telecommunications Standards Institute (ETSI) also said there is an ongoing maintenance program to ensure standards remain sound in an evolving security landscape.

This led to revised standards for TETRA being released in October 2022. "To adapt to technology innovations and potential cybersecurity attacks, including from quantum computers, the ETSI technical committee TCCE has completed work on new algorithms designed to secure TETRA networks," the standards body said in a statement. Two new specifications, ETSI TS 100 392-7 and ETSI TS 100 396-6, were developed by TCCE with experts from ETSI's quantum safe cryptography group.

Researchers from Midnight Blue this week disclosed a series of backdoor vulnerabilities in TETRA that allow communications to be intercepted and monitored by reducing 80-bit keys to a more breakable 32 bits. They will discuss their findings in greater detail in a talk at Black Hat USA next month.

Where Is the Backdoor?

Midnight Blue founding partner Wouter Bokslag says the term backdoor in CVE-2022-24402 was justified and believes there are lots of different parties affected by this backdoor.

For its part, ETSI dismissed this claim and said it doesn't constitute a backdoor. Bokslag countered with Wikipedia's definition: a covert method of bypassing normal authentication or encryption. Intentional weakening without informing the public seems like the definition of a backdoor, he adds.

"ETSI's issue with the term backdoor supposedly follows from the requirement that a backdoor must constitute a covert method, as opposed to something that is publicly known. They state that, since it has been subject to export control regulations, TEA1 is not covertly weakened," Bokslag says. "We reject this position, since TEA1, just like its counterparts, uses 80-bit keys and is, to the best of our knowledge, never advertised as providing weaker security guarantees."

Bokslag says that there is no reason ETSI would be aware of exploitations in the wild, unless customers contacted ETSI after detecting anomalies in their network traffic. "Assuming this pertains to TEA1, since it can be passively intercepted and decrypted, there is no detectable interference, and ETSI not knowing any concrete cases seems like a bit of a meaningless statement."

ETSI praised the researcher's determination of the overall strength of the TETRA standard, and that they found no weaknesses in the TEA2 and TEA3 algorithms following extensive analysis.

ETSI also acknowledged that there are some general areas for improvement in the TETRA protocol, as well as weaknesses in the TEA1 algorithm. It claimed the revised standards released last October mitigate the potential to discover the identities of mobile radio terminals which are using TEA versions 5, 6, and 7.

ETSI and TCCA said they aren't currently aware of any exploitations on operational networks, and they continue to invest in and develop the TETRA standard so that it remains safe and resilient for the public safety, critical infrastructure, and enterprise organizations that rely on it.

Read more about:

Black Hat News

About the Author

Dan Raywood, Senior Editor, Dark Reading

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights