Tuesday, 7 April 2026

Black Hat USA 2025 | 2 Cops 2 Broadcasting: TETRA End-To-End Under Scrutiny

In this talk, we will present the first public security analysis of TETRA end-to-end encryption (E2EE) used for the most sensitive communications - such as those by intelligence agencies and special forces. In all-new material, we present seven security vulnerabilities pertaining to TETRA and its E2EE, three of which are critical. TETRA is a European standard for trunked radio used globally by police and military operators. Additionally, TETRA is widely deployed in industrial environments such as harbors and airports, as well as critical infrastructure such as SCADA telecontrol of pipelines, transportation and electric and water utilities.

While we previously reverse-engineered and published the then-secret algorithms underpinning TETRA cryptography, the vendor-proprietary E2EE solution (which enjoys significant end-user trust) intended for the most critical use cases remained undisclosed and proved quite hard to obtain. Given the opaque nature of this solution and TETRA's history of offering significantly less security than advertised (including backdoored ciphers), we decided to undertake the effort of reverse-engineering a TETRA E2EE solution. We did this by extracting it from a popular Sepura radio and discovering several critical 0-day vulnerabilities in the radio in the process, presenting additional key extraction and covert implanting vulnerabilities.

We will publish the E2EE design along with a security analysis, identifying several severe shortcomings ranging from the ability to inject voice traffic into E2EE channels and replay SDS messages to an intentionally weakened E2EE variant, which reduces its 128-bit key to only 56 bits. In addition, we will discuss new findings related to multi-algorithm networks and official patches, relevant for asset owners mitigating the TETRA:BURST vulnerabilities previously uncovered by us. Finally, we will demonstrate the E2EE voice injection attack as well as the previously theoretical TETRA packet injection attack on SCADA networks.

By:
Carlo Meijer | MSc, Midnight Blue
Wouter Bokslag | MSc, Midnight Blue
Jos Wetzels | MSc, Midnight Blue

Full Session Details Available at: https://ift.tt/J9qIkXg

source https://www.youtube.com/watch?v=oUhb2tTgmgg
