After Critical Bug Disclosures, TETRA Emergency Comms Code Goes Public

  /     /     /  
Publicated : 23/11/2024   Category : security


After Critical Bug Disclosures, TETRA Emergency Comms Code Goes Public


After the encryption algorithm used by public safety, military, and governments globally was found to allow eavesdropping, standard maintainers are making TETRA open source.



The encryption algorithms used to secure emergency radio communications will now soon be released to the public domain, with the aim of encouraging code review and bug hunting.
The news comes after
multiple vulnerabilities were found in TETRA,
short for Terrestrial Trunked Radio, which is a radio voice and data standard mainly used by emergency services, such as police, fire brigade, and military, as well as in some industrial environments. The bugs were found by Midnight Blue Labs earlier this year, and the research was
presented at Black Hat USA,
showcasing additional zero-day vulnerabilities that could allow anyone to spy on or manipulate transmissions. 
This decision to go public is a complete 180-degree turn for standard-maintainer ETSI, which originally
pushed back against any claims of vulnerabilities
within TETRA when they were initially found, claiming that the work to enhance the standard was already underway.
Since then, a technical committee overseeing the TETRA standard met in October to decide on making the algorithms open to the public. Ultimately, the group came to a unanimous decision to open-source all of the TETRA Air Interface cryptographic algorithms. 
Brian Murgatroyd, an ESTI committee chairman, noted that the meeting was attended by a substantial amount of the TETRA community, including operators, users, manufacturers, and governments, and that following publication of the algorithms, we are open to academic research for independent reviews.
The algorithms will enter the public domain alongside the standards original authentication and key management specification (TAA1), and a the new authentication and key management specification, TAA2.
As yet,
no date has been put in place
for when the algorithms will become accessible.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
After Critical Bug Disclosures, TETRA Emergency Comms Code Goes Public