The European Telecommunications Standards Institute (ETSI) has announced plans to open-source the encryption protocols for Terrestrial Trunked Radio (TETRA), a widely utilized radio communication standard in Europe. ETSI’s decision follows the discovery of critical vulnerabilities in the TETRA protocol by Dutch security firm Midnight Blue, which successfully hacked a Motorola radio employing TETRA.
Midnight Blue revealed a significant flaw in the cryptographic TEA1 algorithm, labeled TETRA: Burst, allowing them to backdoor the algorithms and reduce an 80-bit encryption key to a size susceptible to brute-force attacks. ETSI’s move aims to enhance transparency and security, enabling collaborative scrutiny to identify and address potential flaws before widespread deployment, particularly in critical infrastructure networks.
This decision by ETSI comes in response to the urgency highlighted by Midnight Blue’s findings, emphasizing the importance of making the Air Interface algorithms and cryptographic protocols public. The vulnerabilities exposed by Midnight Blue pose particular concerns for private security services responsible for safeguarding critical infrastructure such as airports and harbors, where radios encrypted with TEA1 may be utilized. The move towards open-sourcing not only the algorithms but also releasing design documents for deciphering the cipher protocol is deemed essential by Midnight Blue for a comprehensive understanding of TETRA’s security landscape.
Wouter Bokslag, co-founder of Midnight Blue, underscores the significance of opening up the TETRA algorithms, stating that it will enable the research community to assess TETRA more effectively and comprehend the level of security it offers. ETSI’s commitment to transparency aligns with the evolving landscape of cybersecurity, where collaboration and scrutiny are vital components in fortifying digital communication standards against potential threats and vulnerabilities.