This talk at BLACK HAT USA 2023 was the first public disclosure and security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, prisons, emergency services and military operators. Additionally, TETRA is widely deployed in industrial environments such as factory campuses, harbor container terminals and airports, as well as critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities. In this talk, we will make public these cipher suites (TEA and TAA1 to be precise) for the first time, and finally enable public review of one of the last bastions of widely deployed secret proprietary cryptography. (a)
“Redacted Telecom Talk”
(aka All Cops Are Broadcasting: Breaking TETRA After Decades in the Shadows)
Carlo Meijer | Founding Partner and Security Researcher, Midnight Blue
Wouter Bokslag | Founding Partner and Security Researcher, Midnight Blue
Jos Wetzels | Founding Partner and Security Researcher, Midnight Blue
“The TETRA standard is used in radios worldwide. Security researchers have found multiple vulnerabilities in the underlying cryptography and its implementation, including issues that allow for the decryption of traffic.
Midnight Blue will be presenting their findings at the upcoming Black Hat cybersecurity conference in August. The details of the talk have been closely under wraps, with the Black Hat website simply describing the briefing as a “Redacted Telecom Talk.” That reason for secrecy was in large part due to the unusually long disclosure process. Wetzels told Motherboard the team has been disclosing these vulnerabilities to impacted parties so they can be fixed for more than a year and a half. That included an initial meeting with Dutch police in January 2022, a meeting with the intelligence community later that month, and then the main bulk of providing information and mitigations being distributed to stakeholders. NLnet Foundation, an organization which funds “those with ideas to fix the internet,” financed the research.” (1)
This article is also discussed on the CYBER podcast – which you can find at this link.
“A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.
For more than 25 years, a technology used for critical data and voice radio communications around the world has been shrouded in secrecy to prevent anyone from closely scrutinizing its security properties for vulnerabilities. But now it’s finally getting a public airing thanks to a small group of researchers in the Netherlands who got their hands on its viscera and found serious flaws, including a deliberate backdoor.
The backdoor, known for years by vendors that sold the technology but not necessarily by customers, exists in an encryption algorithm baked into radios sold for commercial use in critical infrastructure. It’s used to transmit encrypted data and commands in pipelines, railways, the electric grid, mass transit, and freight trains. It would allow someone to snoop on communications to learn how a system works, then potentially send commands to the radios that could trigger blackouts, halt gas pipeline flows, or reroute trains.” (2)
https://oodaloop.com/ooda-original/2023/08/08/the-ooda-loop-planning-guide-for-blackhat-2023-and-defcon-31-online-and-virtual-events/