
TL;DR: The only newsworthy vulnerability is the breaking of TEA1 - which is anyways the least secure of them all and only intended for commercial use (that is, no emergency services).

https://www.tetraburst.com/



The question is, did things like emergency services actually use the higher levels, or did they just use TEA1?

It's kind of like saying...

Vendor: "We support up to 1 zillion bit encryption!"

User: "What's the default out of the box?"

Vendor: "10 bit"


> TL;DR: The only newsworthy vulnerability is the breaking of TEA1

This is IMHO a very unfair TL;DR. The news is that the researchers claim that there is a deliberate backdoor, which ETSI denies. If it is true, there cannot be any further trust in other proprietary parts as well.


Some installations have additional cryptography.

Which alone implies that the Tetra crypto security theatre is well known in that industry, and isn't a surprise to vendors in the slightest.


It appears to be used for infrastructure, including things like power and transportation signals here in the US.


Are you sure? TETRA uses frequency-hopping spread spectrum, which requires a much wider contiguous bandwidth allocation for this modulation and use. That allocation doesn't exist in the US.

The lack of any large allocation for this kind of radio is a big part of why US first responders are stuck with P.25, which is narrowband FM. If there were a wide-enough band in which it could be used, a lot of first responders would have bought TETRA radios a long time ago. P.25 is easy to jam by brute-force power output, and trivial if you directly attack the error correction bits. TETRA and FHSS have a much much larger ratio of attacker transmit power to victim transmit power.

https://en.wikipedia.org/wiki/Project_25#Jamming_vulnerabili...

(FWIW, P.25 is an even worse dumpster-fire than TETRA...)


Googling “MTA Tetra” turns up a pile of articles about the deployment of TETRA trunked radio for communications in the NYC bus fleet and Staten Island Railroad. And in those articles there’s some controversy about the spectrum and interference issues. I don’t know where else they use TETRA, just that they were cited in some of the original articles about the vulnerabilities.


Ah, looks like they created a much lower-power TETRA in a different band for North American use (search for "low power tetra"):

https://www.powertrunk.com/pressroom/tetra-in-north-america/

That's cool, but it's going to be a niche use at those power levels. One of the things that make TETRA and P.25 so attractive is that you can put a huge, high-power repeater on a hill or tall building and cover a big chunk of a city using (fairly) small low-power handsets. Then multiple agencies (police, fire, spooks, clowns) can all use that repeater and share the cost burden.

The power-limited version looks like it'll always be a fairly niche single-agency-in-single-jurisdiction use. So the threat, while technically not zero, is not at the five-alarm-fire level that it is in Europe.

Edit: also looks like MTA bought their own spectrum license just for this one use:

   MTA owns licenses in 700 MHz and 800 MHz


Hogwash, I think it's worth noting that this European system was intentionally backdoored.

Everybody plays the espionage game, Europe really is no exception, they just like to use the US to keep their hands (mostly) clean.



