ETSI Dismisses Claims of Backdoor Vulnerabilities in TETRA Standard

Nonetheless, European standards body revised the wireless standard and insists its integrity remains sound.

ETSI is pushing back against claims of major vulnerabilities in its Terrestrial Trunked Radio (TETRA) standard and said work had already begun working on enhancing the standard before researchers revealed a series of vulnerabilities
In
a statement
, the European Telecommunications Standards Institute (ETSI) also said there is an ongoing maintenance program to ensure standards remain sound in an evolving security landscape.
This led to revised standards for TETRA being released in October 2022. To adapt to technology innovations and potential cybersecurity attacks, including from quantum computers, the ETSI technical committee TCCE has completed work on new algorithms designed to secure TETRA networks, the standards body said
in a statement
. Two new specifications,
ETSI TS 100 392-7
and
ETSI TS 100 396-6
, were developed by TCCE with experts from ETSIs quantum safe cryptography group.
Researchers from
Midnight Blue this week disclosed a series of backdoor vulnerabilities
in TETRA that allow communications to be intercepted and monitored by reducing 80-bit keys to a more breakable 32 bits. They will discuss their findings in greater detail
in a talk at Black Hat USA
next month.
Midnight Blue founding partner Wouter Bokslag says the term backdoor in CVE-2022-24402 was justified and believes there are lots of different parties affected by this backdoor.
For its part, ETSI dismissed this claim and said it doesnt constitute a backdoor. Bokslag countered with
Wikipedias definition
: a covert method of bypassing normal authentication or encryption. Intentional weakening without informing the public seems like the definition of a backdoor, he adds.
ETSIs issue with the term backdoor supposedly follows from the requirement that a backdoor must constitute a covert method, as opposed to something that is publicly known. They state that, since it has been subject to export control regulations, TEA1 is not covertly weakened, Bokslag says. We reject this position, since TEA1, just like its counterparts, uses 80-bit keys and is, to the best of our knowledge, never advertised as providing weaker security guarantees.
Bokslag says that there is no reason ETSI would be aware of exploitations in the wild, unless customers contacted ETSI after detecting anomalies in their network traffic. Assuming this pertains to TEA1, since it can be passively intercepted and decrypted, there is no detectable interference, and ETSI not knowing any concrete cases seems like a bit of a meaningless statement.
ETSI praised the researchers determination of the overall strength of the TETRA standard, and that they found no weaknesses in the TEA2 and TEA3 algorithms following extensive analysis.
ETSI also acknowledged that there are some general areas for improvement in the TETRA protocol, as well as weaknesses in the TEA1 algorithm. It claimed the revised standards released last October mitigate the potential to discover the identities of mobile radio terminals which are using TEA versions 5, 6, and 7.
ETSI and TCCA said they arent currently aware of any exploitations on operational networks, and they continue to invest in and develop the TETRA standard so that it remains safe and resilient for the public safety, critical infrastructure, and enterprise organizations that rely on it.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
ETSI Dismisses Claims of Backdoor Vulnerabilities in TETRA Standard