For anyone interested in the Slovenian Tetra case look up the guy, his name is Dejan Ornig. He discovered tons of unencrypted comms between 2012 and 2014, disclosed it multiple times to the police and the intelligence agency and they both ignored him. He only went public in 2015 as he felt it was a matter of national security and then got charged and sent to 3 months in jail + 11 months suspended sentence for "unlawful intrusion into private communication between individuals" and "forging of official documents" because they apparently found a fake police badge when they searched his home - which was imho planted because Slovenian cops are generally accepted as not being trustworthy.
“Firmware updates are available…depending upon your vendor.” Security in a nutshell This is what happens when your spec was designed by a bunch of long departed contractors and everybody left in your company works in sales and marketing.
Es wird davon ausgegangen, dass klar ist, dass es strafbar ist und im Notfall muss alles zugänglich sein, sonst hilft niemand, weil es keiner mitbekommen kann...zudem sollte der einfache Zugang den damit Arbeitenden bekannt sein - es gibt ja auch oft Verfahren, in denen Verschlüsselungen oder Passwörter für Mailfächer herausgegeben werden sollen, weil eben Quellen zu schützen sind und Infos dann nur bestimmten Personen zur Verfügung stehen dürfen und Namen erstmal gar nicht.
@@lll-xo6nk Die Russen haben doch - ich glaube seit Jahren diverse Hacks. Erst funktionierten die nur offline also mit vorher aufgezeichnetem Material, der hat da dann irgend ne brute-force drauf los gelassen. Aber später ging das dann auch live. Halt plugins für diverse SDR-Software. Konnte das leider nie testen. Hab hier in der Südeuropäischen Einöde keinerlei TETRA
probably people have, but it is probably 1) very hard to get anywhere with, 2) counter to ideas of security through obstruction, and 3) counter to the interests of nation states edit: it is mentioned by the speaker that a researcher in Slovenia got jail-time for going to the media with this issue (34:19)
Please be very careful, guys. Usually the messenger is punished. It's so much easier and more convenient than to punish the people who really neglect their duties. It's nice to see someone sticking to their integrity and uphold their values. Hope for mankind. Many thanks for your good work!
pause at 54:00 «BM: we were just given those algorithms. And the algorithms were designed with some assistance from some government authorities, let me put it that way.» Well, that's reassuring, no government authority ever had the incentive to weaken security for encryption algorithms, some of them specifically designed for exports 😌. Incredible work!
We know exactly how many open source standard encryption methods work (NO obfuscation) and they still cannot be readily hacked... and if there's bug in implementation, it's FIXES very fast exactly because it's open source. Obfuscation is not in any way helping security, ever! And once it's cracked, there's difficulty of getting any firmware updates and one might have to completely change out their hardware for another vendor if vendor doesn't react within days or preemptively by continuously trying to crack their own firmware and then improve it before vulnerabilities come known... And no business wants to do that. They're in it for the money so they put as little resources into that as possible and instead market an sell their product as much as possible.
Nice talk! 57:00 afaik GDPR explicitly requires you to patch your systems, do active measures for protecting personal data, and it is clear that you have to do extra effort to protect sensitive personal data (eg data about medical condition, sexual orientation, ...)
Hey don’t sell yourself short! A high school graduate has no more true knowledge than YOU, they don’t teach true knowledge in school, that comes from going within, and of course from not being too afraid of the real truth, or scared of the consequences for finding it, ,and not being too lazy to put it all together 💯
"more details in our CCCamp talk" @12:38. Is this talk available anywhere? Are there any other details available on the technical details of the arm -> dsp -> extract secrets work?
I doubt that TETRA is actually used for time critical applications like breaking a train. But I understand that a train can be stopped if a certain message is dispatch, like "person on the rail" etc.
TETRA should utilize bilateral handshake of the device and a silicon-dipped authentication cartridge replaced give or take quarterly. A foreign institution would take care the old ones return intact which would result in continuing the cooperation with the client. Systems of trust are stronger than cryptography.
I am not even going to ask about Greece ,after the surveillance scandal where the prime minister was listening in on his ministers,head of army,political opponents and businessmen....
Seems more like “due diligence" rather than a scandal. If you have a security apparatus that can gain this sorta info, who can really blame politicians for using all the toys in their paramility toolbox?
@@shelltoe_soul Literally everyone can blame them. If you need to spy on your subordinates and citizens to maintain your power, you are unequivocally a tyrant.
This video has definitely grabbed my attention i dont knowany thing about this sector but want to learn any freelance work i could do to help develope the skills .this is so dope😮😮😮😮
1:02:05 answers that. Because they don't want to export algorithms that are too good. They want to have backdoors/vulnerabilities that they can exploit if needed.
Besides what @Kyuubi said: - A lot of run of the mill algorithms are quite compute intensive, which means more expensive components, and higher power draw (Lower battery life, bigger heatsinks, more weight, etc.) - So developing their algorithm might allow them to make more competitive products - Some customers might have restrictions on the encryption methods they can use, whether self imposed or by a higher authority, and might not be allowed to use public algorithms - So if they want to sell to these markets, they need a system with a proprietary algorithm - Most customers don't care about whether the algorithm is proprietary or open, they want to throw money at a problem and get something that meets their needs. As security professionals/enthusiasts we know an open solution is more secure, but their customers are not security experts - So they blindly trust what they're told by vendors Remember, the priority for a business is more profit, not more security. Whether that's the customer, or vendor, or the engineers, security is a means to an end, and it will always be treated that way.
@@almc8445 Any decent modern microcontroller nowadays can be equipped with a fast HW based crypto core with almost none power consumption impact. It may have been different in the past (20 years ago), but it cannot be taken as an excuse today.
Das Wort "Radio" kann in Englisch auch die Bedeutung "Funkgerät" haben. Also z.b. bei 10:32 steht auf der Präsentation 'Pick the right radio', damit ist gemeint das sie erstmal einfach überlegt haben welches Funkgerät sie kaufen, um dann die Algorithmen darin zu studieren
This is being beaten to death. We get it; 20+ year old radios are insecure. This just in! Common house locks can be bypassed with a brick through a window.
For anyone interested in the Slovenian Tetra case look up the guy, his name is Dejan Ornig. He discovered tons of unencrypted comms between 2012 and 2014, disclosed it multiple times to the police and the intelligence agency and they both ignored him. He only went public in 2015 as he felt it was a matter of national security and then got charged and sent to 3 months in jail + 11 months suspended sentence for "unlawful intrusion into private communication between individuals" and "forging of official documents" because they apparently found a fake police badge when they searched his home - which was imho planted because Slovenian cops are generally accepted as not being trustworthy.
Wow that story sounds like something straight out of Hollywood...
brilliant. Guy tries to help ends up in jail
@@tizwah Sounds like a typical government to me
He should have realized, these guys in the intelligence community already knew all about it, they created it. They really didn't want it exposed.
EU is getting increasingly more dystopian
“Firmware updates are available…depending upon your vendor.” Security in a nutshell
This is what happens when your spec was designed by a bunch of long departed contractors and everybody left in your company works in sales and marketing.
Have a friend working at the NSA the encryption used in these is can be easily cracked for the purpose of intelligence agencies to get into them.
@@namefull_slavefirmware would not likely be different per vendor at that point you are making completely different products.
I have a friend working at the NSA and he said your friend is wrong and that he must return these rj45 cables he's stealing
i wonder if it is a dig at motorola because they love EOL-ing radios
@@zxcaaqyour friend just disclosed a method. Str8 to jail.
Ha! Good one on the title.
Amazing research on this very critical application!
I wonder why no one has looked into this before, even though it is so commonly used?!
Es wird davon ausgegangen, dass klar ist, dass es strafbar ist und im Notfall muss alles zugänglich sein, sonst hilft niemand, weil es keiner mitbekommen kann...zudem sollte der einfache Zugang den damit Arbeitenden bekannt sein - es gibt ja auch oft Verfahren, in denen Verschlüsselungen oder Passwörter für Mailfächer herausgegeben werden sollen, weil eben Quellen zu schützen sind und Infos dann nur bestimmten Personen zur Verfügung stehen dürfen und Namen erstmal gar nicht.
They keep it secret so you can't research it
@@lll-xo6nk Die Russen haben doch - ich glaube seit Jahren diverse Hacks. Erst funktionierten die nur offline also mit vorher aufgezeichnetem Material, der hat da dann irgend ne brute-force drauf los gelassen. Aber später ging das dann auch live. Halt plugins für diverse SDR-Software.
Konnte das leider nie testen. Hab hier in der Südeuropäischen Einöde keinerlei TETRA
probably people have, but it is probably 1) very hard to get anywhere with, 2) counter to ideas of security through obstruction, and 3) counter to the interests of nation states
edit: it is mentioned by the speaker that a researcher in Slovenia got jail-time for going to the media with this issue (34:19)
It's like with open source - theoretically some people can check all this. But this costs effort and money.
Please be very careful, guys. Usually the messenger is punished. It's so much easier and more convenient than to punish the people who really neglect their duties. It's nice to see someone sticking to their integrity and uphold their values. Hope for mankind. Many thanks for your good work!
Yeah these guys will probably get Euro-Clinton'd soon 🙁
I just watched the TETRA video yesterday and now I even get a continuation, how great is that!
which one?
Wow, super interesting!!
The demos looked amazing and it makes me curious to see the de-anonymisation of public services.
pause at 54:00 «BM: we were just given those algorithms. And the algorithms were designed with some assistance from some government authorities, let me put it that way.»
Well, that's reassuring, no government authority ever had the incentive to weaken security for encryption algorithms, some of them specifically designed for exports 😌.
Incredible work!
Whats more, I bet no one (either inside or outside ETSI) knows which level of "assistance", actors involved etc...
We know exactly how many open source standard encryption methods work (NO obfuscation) and they still cannot be readily hacked... and if there's bug in implementation, it's FIXES very fast exactly because it's open source.
Obfuscation is not in any way helping security, ever!
And once it's cracked, there's difficulty of getting any firmware updates and one might have to completely change out their hardware for another vendor if vendor doesn't react within days or preemptively by continuously trying to crack their own firmware and then improve it before vulnerabilities come known...
And no business wants to do that. They're in it for the money so they put as little resources into that as possible and instead market an sell their product as much as possible.
Excellent work!
Interesting. I didn't plan to watch the whole video because this isn't my field in any sense but I found it very interesting so ended up watching all.
31:53 nostalgia kicking in 🎶😻
the security guard at this cinference must have been sweating haha /looking at his radio constantly
Oh no its security through obscurity
Life 🧬
Thank you very much for your research!... I waited 10 years for this report!...
Thank you, thank you!
Kind regards.
Mrs. Ragone ❤
Good old security by obscurity. It’s mindboggling how countries can buy ”trust us” security equipment.
Open source 🐱😁....
nice power move, using a 1998 laptop for your exploit :D
Its useful for state actors to know about a weakness, make you think if this is why it is not being closed.
You know you're in trouble when hackers go to a Vintage Computer Festival to prove their point.
Nice talk!
57:00 afaik GDPR explicitly requires you to patch your systems, do active measures for protecting personal data, and it is clear that you have to do extra effort to protect sensitive personal data (eg data about medical condition, sexual orientation, ...)
I'm ignorant to this subject, HS drop out.. Idk why YT suggested this but it's cool.. Where do you start with this stuff?
Hey don’t sell yourself short! A high school graduate has no more true knowledge than YOU, they don’t teach true knowledge in school, that comes from going within, and of course from not being too afraid of the real truth, or scared of the consequences for finding it, ,and not being too lazy to put it all together 💯
These dudes are gonna be rockstars.
Wym
Little late to the party here…been trying to follow for some time, it’s hard some times…..but thanx so much for this information
Let the games begin
"more details in our CCCamp talk" @12:38.
Is this talk available anywhere? Are there any other details available on the technical details of the arm -> dsp -> extract secrets work?
this is some serious hacking. good talk! thanks!
So when they say backdoor, they mean the security is weak on purpose? Or just "so weak it functions as a backdoor"?
Yes, they mean the system was purposefully broken by design
Like DES
Yes, it's on purpose. Many times it's done so a country's intelligence services can access data on their citizens
Well at least "normal" ppl finally know how the taliban rolled up the ANA so easily.
Hahaha 😂😂😂😂
l need to read about the research as repeatedly hearing "uh" and "umm" during a talk drives me insane.
Very interested in your findings though.
"we now have ipv4" he is not wrong lol
I doubt that TETRA is actually used for time critical applications like breaking a train. But I understand that a train can be stopped if a certain message is dispatch, like "person on the rail" etc.
TETRA should utilize bilateral handshake of the device and a silicon-dipped authentication cartridge replaced give or take quarterly. A foreign institution would take care the old ones return intact which would result in continuing the cooperation with the client. Systems of trust are stronger than cryptography.
2 minutes in... I'm pretty sure this isn't about the Tetragonopterus fish
I am not even going to ask about Greece ,after the surveillance scandal where the prime minister was listening in on his ministers,head of army,political opponents and businessmen....
Seems more like “due diligence" rather than a scandal. If you have a security apparatus that can gain this sorta info, who can really blame politicians for using all the toys in their paramility toolbox?
@@shelltoe_soul Literally everyone can blame them. If you need to spy on your subordinates and citizens to maintain your power, you are unequivocally a tyrant.
i think i'm in love
Is this for police scanner radios or something else?
I'm from Australia, we use P25 for emergency services and public services, I don't know where tetra is utilised. Only police are encrypted though
so basically rot13
Thank you for posting this!
This video has definitely grabbed my attention i dont knowany thing about this sector but want to learn any freelance work i could do to help develope the skills .this is so dope😮😮😮😮
12345 ist mein Passwort. Pssst, nicht weitersagen.
Looks like TEA1 and TEA (tiny encryption algorithm) have something in common!
why don't they just use a standard algorithm like aes-gcm or chacha20-poly1305
1:02:05 answers that. Because they don't want to export algorithms that are too good. They want to have backdoors/vulnerabilities that they can exploit if needed.
Besides what @Kyuubi said:
- A lot of run of the mill algorithms are quite compute intensive, which means more expensive components, and higher power draw (Lower battery life, bigger heatsinks, more weight, etc.) - So developing their algorithm might allow them to make more competitive products
- Some customers might have restrictions on the encryption methods they can use, whether self imposed or by a higher authority, and might not be allowed to use public algorithms - So if they want to sell to these markets, they need a system with a proprietary algorithm
- Most customers don't care about whether the algorithm is proprietary or open, they want to throw money at a problem and get something that meets their needs. As security professionals/enthusiasts we know an open solution is more secure, but their customers are not security experts - So they blindly trust what they're told by vendors
Remember, the priority for a business is more profit, not more security. Whether that's the customer, or vendor, or the engineers, security is a means to an end, and it will always be treated that way.
AES wasn’t proposed until 1999 or so, it wasn’t available in 1995, and cheap silicon to run it was several more years away.
@@almc8445 Any decent modern microcontroller nowadays can be equipped with a fast HW based crypto core with almost none power consumption impact. It may have been different in the past (20 years ago), but it cannot be taken as an excuse today.
Do P25 next
Ist mit dem Begriff "Radio" Funk-Netz gemeint, oder welcher Standart oder welche Bandbreite?
Es geht um den den TETRA Funkstandard
Das Wort "Radio" kann in Englisch auch die Bedeutung "Funkgerät" haben. Also z.b. bei 10:32 steht auf der Präsentation 'Pick the right radio', damit ist gemeint das sie erstmal einfach überlegt haben welches Funkgerät sie kaufen, um dann die Algorithmen darin zu studieren
This is being beaten to death. We get it; 20+ year old radios are insecure.
This just in! Common house locks can be bypassed with a brick through a window.
software is only ever as good as the limiting hardware you run it on.
a repost ?
08 2023
Greetings. I am Victoria . Aka Source Creator. You are severely outdated technology
I am indeed. How did you know?
Is this how Pegasus works too ? Is this how the data is haystacked by the spooks ?
i don't think this guy understands how radio works.
Ääääh
Äääähhhmmmm.....
Dude...
Bona fide is latin, please don't bastardize Latin with English pronunciation
lol