[HN Gopher] CCC Talk: All cops are broadcasting Obtaining the se...
       ___________________________________________________________________
        
       CCC Talk: All cops are broadcasting Obtaining the secret TETRA
       primitives [video]
        
       Author : rvdbreemen
       Score  : 15 points
       Date   : 2023-08-20 18:32 UTC (4 hours ago)
        
 (HTM) web link (media.ccc.de)
 (TXT) w3m dump (media.ccc.de)
        
       | rvdbreemen wrote:
       | In this talk we will discuss the radio jailbreaking journey that
       | enabled us to perform the first public disclosure and security
       | analysis of the proprietary cryptography used in TETRA
       | (Terrestrial Trunked Radio): a European standard for trunked
       | radio globally used by government agencies, police, prisons,
       | emergency services and military operators. Besides governmental
       | applications, TETRA is also widely deployed in industrial
       | environments such as factory campuses, harbor container terminals
       | and airports, as well as critical infrastructure such as SCADA
       | telecontrol of oil rigs, pipelines, transportation and electric
       | and water utilities.
       | 
       | For over two decades, the underlying algorithms have remained
       | secret and bound with restrictive NDAs prohibiting public
       | scrutiny of this highly critical technology. As such, TETRA was
       | one of the last bastions of widely deployed secret proprietary
       | cryptography. We will discuss in detail how we managed to obtain
       | the primitives and remain legally at liberty to publish our
       | findings.
       | 
       | This journey has involved reverse-engineering and exploiting
       | multiple zero-day vulnerabilities in the highly popular Motorola
       | MTM5x00 TETRA radio and its TI OMAP-L138 trusted execution
       | environment (TEE) and covers everything from side-channel attacks
       | on DSPs, through writing decompilers for headache-inducing DSP
       | architectures, all the way to exploiting ROM vulnerabilities in
       | the Texas Instruments TEE.
        
         | darkclouds wrote:
         | Wouldn't be able to do this in the UK, interception of any radio
         | signals is illegal.
         | 
         | The UK makes China, North Korea, Russia and [Insert most hated
         | country here] look positively amateur.
         | 
         | I wonder where George Orwell got his inspiration for 1984 from?
        
           | FFP999 wrote:
           | [dead]
        
         | contingencies wrote:
         | Great work! Can you post a photo of your lab? I'd love to see
         | what gear you get to play with.
        
       | snvzz wrote:
       | We need open standards for radio protocols, including encryption.
       | 
       | Outside of 802.11, it's a bleak landscape.
        
         | womod wrote:
         | In the two-way radio world, most protocols are open (P25, DMR,
         | LMR, etc.) but almost every digital protocol uses the AMBE[1]
         | voice codec, which is not.
         | 
         | [1] - https://en.wikipedia.org/wiki/Multi-Band_Excitation
        
       ___________________________________________________________________
       (page generated 2023-08-20 23:01 UTC)