219
submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world

Researchers find 'backdoor' in encrypted police and military radios::The TETRA standard is used in radios worldwide. Security researchers have found multiple vulnerabilities in the underlying cryptography and its implementation, including issues that allow for the decryption of traffic.

top 16 comments
sorted by: hot top controversial new old
[-] redcalcium@lemmy.institute 86 points 1 year ago

Remember, if the "good guys" got a backdoor access, the bad guys can use that backdoor too. In fact, the bad guys will probably use the backdoor much more frequently, which is why attempts to place backdoor on end-to-end encryption by various governments are very dangerous.

[-] Octagon9561@lemmy.ml 65 points 1 year ago

I'm willing to argue that "good guys" demanding backdoors are bad guys too.

[-] SmellyNinja@lemmy.world 39 points 1 year ago

Encryption ๐Ÿ‘ is ๐Ÿ‘Not ๐Ÿ‘ a ๐Ÿ‘ Crime ๐Ÿ‘

[-] PeterPoopshit@lemmy.world 8 points 1 year ago

Is there a list of situations where it's illegal to use encryption in the US? It's 100% illegal to transmit encrypted data over ham radio (although transmitting unencrypted packets and accessing the internet through unencrypted means over ham radio is not). I'm not sure of what other situations where using encryption is illegal though.

[-] SimplePhysics@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago)

Hm, where does https play in though? Most, if not all, popular websites now use encryption. If Alice were to access Bobโ€™s site via ham radio and his site uses https, is Alice breaking the law?

[-] NeoNachtwaechter@lemmy.world 1 points 1 year ago

where it's illegal to use encryption in the US?

As soon as you try to cross a border to the world outside ...

[-] Marsupial@quokk.au 11 points 1 year ago

Anyone demanding back door is a bad guy regardless.

Both parties have to consent, you canโ€™t just pressure your partner to let you in down there.

[-] Xtallll@lemmy.blahaj.zone 30 points 1 year ago* (last edited 1 year ago)

A couple of things to keep in mind, some of which are in the article, some aren't:

TETEA is mostly used by first responders. The primary benefit of first responders using encrypted comm is to prevent unauthorized users interfering with real time communication in a crisis.

While the US military uses TETRA in some overseas locations, it is mainly used to coordinate with local emergency services, and has never been viewed as a secure form of communication.

Lastly, not to be too US centric but TETRA is almost never used in America, where Project 25(P25) is mandated for most originations. P25 was developed after 9/11 as a radio interconnect standard for emergency services and first responders that allows radios to communicate regardless of manufacturer.

[-] Xtallll@lemmy.blahaj.zone 7 points 1 year ago

P25 only uses 56 bit encryption, there are better systems if you want to ensure that only the intended recipient will be able to receive your transmission. P25 is great for when you want to make sure that all your intended recipients can receive and intended senders can send, while minimizing undesired senders being received.

I probably could have done better with the wording on the link to a video contradicting what I'd said. It's not meant to be taken seriously but that only really becomes obvious when you click through to find a video on how to make use of its flaws to disrupt traffic and listen in. Not everybody is going to do that though.

[-] Shit@sh.itjust.works 4 points 1 year ago

For now. Thanks love defcon videos!

A lot of the material in those videos is way over my head but it's interesting to see what people are out there working on. Good for when I'm frustrated with my own projects and want to think about something else for a while. They show some interesting ways to mess with common P25 radios and while I don't recall whether they went after a flaw in the protocol or the manufacturer's implementation, part of it is also taking advantage of flaws built into the human operator which is always cool.

[-] Shit@sh.itjust.works 3 points 1 year ago

Yeah defcon has some interesting exploits. I remember seeing one about recording keystrokes with audio and working out the sound of each key press to extract a Password.

[-] JackGreenEarth@lemm.ee 1 points 1 year ago

Cool! Now we'll all know, as Russia did all along, what the government is doing - until they patch this.

[-] rockSlayer@lemmy.world 9 points 1 year ago

Unfortunately standards like this don't get patches, they get replaced. The good news is that TETRA, at least from a US standpoint, has never been viewed as secure and isn't used by the military for tactical communication

this post was submitted on 24 Jul 2023
219 points (98.7% liked)

Technology

60142 readers
3307 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS