TETRA Vulnerability (TETRA:BURST) - Computerphile

The 'secure' TETRA communications system has been used by police and security services for decades, but it's been revealed that it's seriously flawed. Dr Tim Muller explains.
#tetraburst #security #securitybreach
The team that reverse engineered TETRA and discovered the problems: tetraburst.com/
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com

Comments: 203

  • @WobblycogsUk
    10 months ago

    The easily determined key for export units feels more like it was a feature not a bug.

  • @kuhluhOG

    10 months ago

    depends on who you ask: the people who made this system, probably a bug; the people who made the export restriction, probably a feature

  • @KohuGaly

    10 months ago

    it was a feature in the 90s when the export restriction was in effect. After the restriction was lifted, it became a bug.

  • @DG1TAL

    10 months ago

    @KohuGaly Is it lifted?

  • @repatch43

    10 months ago

    100%, TBTB needed to ensure they could decrypt those comms any time they wanted from the beginning

  • @framegrace1

    10 months ago

    All those "bugs" are really features, not only the export one. Agencies are more interested in knowing what their own people are doing than in foreign agencies knowing what they are doing.

  • @stasbucik6234
    10 months ago

    Some of these vulnerabilities were exposed by Dejan Ornig (Slovenia) back in 2013. Instead of addressing the problems, he got investigated for hacking. He was cooperating with police.

  • @cleison.

    10 months ago

    What the hell. I googled his name and his story is really infuriating

  • @SudaNIm103
    10 months ago

    I’ve long argued that “proprietary encryption” is a misnomer and otherwise such “hidden” encoding schemes shouldn’t even be considered “Encryption.” The security true encryption provides should come directly from the functional robustness of the scheme not the obscurity of its operation. While I don’t discount the need for proprietary encoding and obfuscation methods in some use cases, I don’t think we should ever categorize these as encryption, unless the algorithms are made public.

  • @GettNumber

    10 months ago

    so being able to meet Kerckhoffs's Principle. not a bad idea to lock off use of the word "encryption" unless it meets that standard (encryption is increasingly meaning security to average people), just may not be palatable for businessmen that don't understand why they have to publish a "trade secret"

  • @thewhitefalcon8539

    10 months ago

    Nation-state actors don't intend to create unbreakable encryption. They want to balance their stuff not being broken with being able to break other people's stuff. So they'll never use standard unbreakable encryption.

  • @SudaNIm103

    10 months ago

    @GettNumber Exactly, call it Kerckhoffs's Principle or Shannon's Maxim, we should clearly accentuate the security distinction between cryptographic robustness and protected secret by definition so that in time even the business associate has at least a mere linguistic appreciation that these things are understood to be distinct. That said it should not be assumed that individual private solution implementers* necessarily have to disclose the details of which open encryption standards they use or refrain from attempting to further obfuscate their encrypted data (if done judiciously) but if the data isn’t encapsulated* at some level by an open public cipher standard* then the data isn’t really protected by encryption. * What is more, private re-implementations of the public encryption standard itself should be avoided; encrypted data should be encapsulated using a standard public encryption library before any other schemes are applied. In the strictest sense of my meaning anything else even an unmodified private re-implementation of an open encryption standard isn’t really encrypted IMHO; I appreciate this isn’t the most practical definition, but I’m fine with it being the “academic” definition.

  • @f3rny_66

    10 months ago

    is called a proprietary backdoor lol

  • @SudaNIm103

    10 months ago

    @thewhitefalcon8539 I agree and am not suggesting that they will. I’m just saying what they are doing (in many cases) isn’t really encryption because it fundamentally lacks the primary security attribute of encryption and thus shouldn’t be acknowledged as such. I’m under no delusion that my random KZread commentary is going to effectuate any discernible change in existing behaviors, it’s merely a philosophical proposition, but nonetheless, one I promote in my work.

  • @Phroggster
    10 months ago

    I watched the CCC presentation on this topic soon after it went up. They did such a phenomenal job breaking this open, and diligently reporting the flaws to overwhelmingly deaf ears. Thanks for sharing this to an even larger audience!

  • @thewhitefalcon8539

    10 months ago

    I watched it live at the camp. Unfortunately they did not tell us the algorithm.

  • @cocusar

    10 months ago

    @thewhitefalcon8539 Isn't it on their github? I'm no algorithms expert, so I can't figure that out. I got really amazed by what they've done to dump the sbox using the cache of the DSP, that's literally insane.

  • @hackjealousy

    9 months ago

    Because they weren’t flaws.

  • @ImpiantoFacile
    10 months ago

    The first thing they taught us is that security by obscurity never works. Haven't people learnt that already?

  • @framegrace1

    10 months ago

    Yes, perfectly well, they learnt all this more than well. Clue: For an agency, all those backdoors are features not bugs. Why would they use a bug-free method? then they will not be able to break it when needed.

  • @Aezur20

    10 months ago

    Security through obscurity 100% works. Until it doesn't.

  • @andybrice2711

    10 months ago

    Nope. People think _"Oh, it's more secret so it's more secure."_ I think a useful analogy is this: Imagine someone tried to sell you a padlock by saying _"It's so secure because it's illegal to look inside it."_ That would obviously be spurious. The same is true for digital encryption.

  • @jsncrso

    10 months ago

    TETRA was developed in the mid 90s, it wasn't much of an issue back then

  • @ElectricGears
    10 months ago

    We didn't LEARN that proprietary encryption is a bad idea. This CONFIRMED what anyone knowledgeable about encryption already knows and would have told the manufacturers, had they bothered to ask (or listen). To paraphrase that saying about sufficiently advanced incompetence, any proprietary encryption should be considered to have a deliberate backdoor.

  • @JorgetePanete

    10 months ago

    Any proprietary software and hardware

  • 10 months ago

    I'm pretty sure the -manufacturers- designers and developers of TETRA were warned. I'm also pretty sure the governments who decided on using this system were warned. But did they care?

  • @jasonschuler2256

    10 months ago

    Who’s “we”? Not everyone has the same amount of knowledge as you. Just because you already knew this doesn’t mean someone else isn’t learning this for the first time.

  • @EwanMarshall

    10 months ago

    Oh, I know when UK was shifting to TETRA this was being screamed about, to deaf ears.

  • @joeyoest1105

    10 months ago

    Proprietary encryption is a great idea… if you don’t want the users to find out about the weaknesses you know about for quite a while.

  • @catcatcatcatcatcatcatcatcatca
    10 months ago

    An export ban on encryption that still allowed exporting some level of encryption would make little sense unless that lower level of encryption didn’t have known ways to exploit it. Being easy to exploit by anyone who knows a weakness in the design sounds like a feature, not a bug. And you can’t really provide a feature like that with an open standard.

  • @hughlion1817

    10 months ago

    exactly correct.

  • @Howtheheckarehandleswit

    10 months ago

    It is *precisely* the same logic as placing export controls on any armour that is strong enough to protect against your best guns. The US never tried to hide the fact that their export controls on encryption systems with more than a 32 bit key was specifically so that the US could decrypt foreign communications whenever they wanted to. Although why a US export restriction was affecting an agency of the EU is confusing to me.

  • @Pystro

    10 months ago

    "And you can’t really provide feature like that with an open standard." Unless you make the strong encryption variant open and the weaker one proprietary. But at that point you're basically advertising to your export clients that there is a back door. And you're at the same time telling them how to modify the software/hardware so that it uses the openly available strong encryption variant. (Unless the open encryption variant is different enough from the proprietary variant that they won't run on the same hardware.)

  • @neilclay5835
    10 months ago

    Bruce Schneier has been warning that this kind of thing would happen for ages. He's always been concerned at the adoption of non-open cryptographic algorithms by security agencies.

  • @snex000

    10 months ago

    "Warning." Buddy, public communications by public agencies is PUBLIC by design.

  • @circuit10

    10 months ago

    @snex000 This is clearly intended to be encrypted

  • @snex000

    10 months ago

    @circuit10 On what authority can our government use our money to hide things from us?

  • @SeoFernando
    10 months ago

    > proprietary standard

    That’s all you had to say

  • @MechMK1
    10 months ago

    Security people: "You shouldn't use proprietary algorithms because no one can check if they are good"
    Business people: "But if no one knows the algorithm it's more secure"
    Later:
    Business people: "OH MY GOD TURNS OUT USING PROPRIETARY ALGORITHMS IS BAD!!!"

  • @recursion.
    10 months ago

    Most sensible comments section I've ever seen in a long time. Lots of learning too. Cheers to all.

  • @brabhamfreaman166
    10 months ago

    The OTP weakness has been known for DECADES. Yet the work of, in particular, Prof. Rabin (from my poor memory because he gave a talk I attended as a grad student many, many more years ago than I care to admit) and his team created a protocol that exploits the strengths of OTPs but shored up the weaknesses in a very simple yet clever way. They were implementing the protocol at that time - well, intending to do so - which was the mid-2000s and already rather dates me 🥴. FWIW, Rabin is an outstanding researcher, brilliant orator that his lecture still sticks in my mind almost 20 years on!

  • @mrshhjj8899
    10 months ago

    I was already very impressed that this Totally English person could speak these Dutch names very very goodly!

  • @Richardincancale
    10 months ago

    Clarification: 1. TETRA is not (and has not) been used for any tactical or strategic military communications, it’s not designed for that. 2. TEA-1 being weakened is a feature, not a bug, given the intended user base of TEA-1.

  • @jplacido9999

    10 months ago

    TETRA was (is) used for tactical and strategical comms by ignorants that don't understand the basics ... The technology was pushed with the help of the military, by favoring the use of 380-400 MHz mil band to avoid regulatory problems and using it in real military manoeuvres with blueforce tracking in order to sell it to governments as a "secure" system..😂😂😂. Interlaced jamming is so easy that users cannot even figure out what is going on (and difficult to DF). Blind people leading other blind people...

  • @sergiovasquez4510
    10 months ago

    You have to give ETSI a huge credit for legally allowing all "third world" telecommunications on CRITICAL INFRASTRUCTURE to be tampered with EASILY. Not Computerphile's fault, of course, love you guys

  • @ikocheratcr
    10 months ago

    "secret encryption", just like enigma in WW2. The implementation and design was secret, and we all know how good it went for the Germans. These people never learn. The power of a community of low to high experts looking at the design is extremely important to discard, but some people think they are special and claim their work needs to be secret for security.

  • @TheCaphits
    10 months ago

    Would love to see an interview with you and John Allen Woods. He's a head of technology, and loves to talk about stuff like this.

  • @rogo7330
    10 months ago

    In the talk researchers said that system uses time in IV, but time can be updated by base station and guess what, it is not authenticated in any way. In attack you are impersonating base station and transmit time that was used when you captured packets. This at least allows you to decrypt anything that was translated at a given time and derive the key, but the last is a relatively slow process.

  • @amcluesent
    10 months ago

    Backdoored for sure. Same as the NSA-sourced keymat in Windows.

  • @aidandanielski
    10 months ago

    pure proprietary security theater!

  • @nyx8430
    10 months ago

    Because of all of these mentioned issues with tetra, I am curious to know if there are any open source implementations of it

  • @spacebwoy
    10 months ago

    "All Cops Are Broadcasting" 🤣

  • @billysgeo

    1 month ago

    Damn! ACAB! NOW I get it!!!

  • @KillingDeadThings
    9 months ago

    Not a dumb bloke this guy. He's also very good. Clear concise and better English than my Northern Irish English. I enjoyed this.

  • @stevencoghill4323
    10 months ago

    A tenet of security: If we have figured out how to defeat it, then someone else already has figured out how to defeat it.

  • @minecrafter9099
    10 months ago

    Wait isn't the whole standard (besides the encryption algos) publicly available?

  • @thewhitefalcon8539

    10 months ago

    Probably?

  • @DG1TAL

    10 months ago

    Yes, ETSI EN 300 392. Also, most TETRA systems outside public safety are completely unencrypted because that saves a ton of money. So the encryption is proprietary but the standard is completely useable without it.

  • @TheRealInscrutable
    10 months ago

    Security by obscurity is not security - this is what I learned in school nearly 40 years ago. And I've become cynical enough to believe that such errors (as the suspicious "s box") on the part of management are intentional.

  • @PavloD9
    3 months ago

    Are there any open source digital radio protocols for walkie-talkies that support encryption?

  • @mikestewart4752
    10 months ago

    Anyone know what specific hardware was compromised?

  • @IceGorZilla
    10 months ago

    sounds like the key fob vulnerabilities except with this one you don't have to do it in real time if I understand correctly there's not a person there pressing their own fob.

  • @nashtrojan
    10 months ago

    This story reminds me of the group that tried to analyze why the government redacts information from all the recently publicly available FOIA requests, and before the feds shut them down their initial data showed most of the redactions weren't covering conspiracies but mostly just mistakes and embarrassing slip ups.

  • @qwerty123443wifi
    10 months ago

    Love how I can immediately hear he's dutch, despite the British accent

  • @blahdelablah

    10 months ago

    He has got a Dutch accent, but not a British accent.

  • @TonyWhitley

    10 months ago

    He speaks first class English with a slight Dutch accent.

  • @michaelbuckers
    10 months ago

    Security through obscurity only works for as long as nobody cares to actually look into it. The only way a system can be considered secure is if it plays its cards face up and nobody could crack it anyway.

  • @dimageorgiev6801
    10 months ago

    Why not give a link to the original paper for people willing to read it?

  • @trevinbeattie4888
    10 months ago

    Did I understand correctly that they were able to reconstruct an 80-bit key from a subset of 32 bits? That seems like a very bad key algorithm.

  • @FaultyMuse
    10 months ago

    Security through obscurity is not security

  • @dsfs17987
    10 months ago

    one point is missed - some of these vulnerabilities may have been there for a reason, and combined with export restrictions it would allow the original country to have a look at what the recipient is doing with it, and in case of Iran, it isn't exactly a bad thing, so people who developed this may have been tasked to deliberately do this and it isn't like governments haven't done stuff like this since then, like FBI and Apple saga

  • @LockeSoriku
    10 months ago

    Accident or intentional?

  • @beardymcbeardface69
    10 months ago

    Incredible. People who understand cryptography, know the perils of creating their own proprietary closed encryption system. If security comes from the secrecy of how the algorithm works, it is not secure. Because if that is all it has, then it has nothing, because reverse engineering will reveal the algorithm, stripping it of the only security they thought they had. A classic case of, _"If you *think* you know cryptography, you don't"._ It seems the Dunning-Kruger Effect could be at play with those people. People who actually understand cryptography, understand that no one intellect alone can assure the maximal strength of any encryption algorithm (outside of the OTP of course). I mean when you consider that major weaknesses have slipped by all of the World's crypto experts combined, for many years, it blows my mind that any one person could think that they know better.

  • @repatch43
    10 months ago

    You mean, security through obscurity doesn't work? Wow, this is brand new news to the world! /s

  • @An.Individual
    10 months ago

    Good video

  • @pierreabbat6157
    10 months ago

    5:36 That's not a one-time pad. A one-time pad is a cipher where the key is at least as long as the message, and for every plaintext-ciphertext pair, there is a key that encrypts that plaintext to that ciphertext. A PRNG seeded with a key shorter than the message and then xored with the message is not a one-time pad.
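Added example, not part of any comment and not the researchers' or ETSI's code: it models the two points raised by @rogo7330 and @pierreabbat6157 above, a keystream expanded from a short key plus a time-derived IV, and what an unauthenticated time update does to it. The SHA-256 keystream, the class and function names, the sample messages and the HMAC-plus-monotonic-clock mitigation are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = bytes.fromhex("00112233445566778899")   # constructed 80-bit traffic key
TIME_AUTH_KEY = b"constructed-time-auth-key"  # assumption: separate key for time updates


def keystream(key, iv, length):
    """Expand (key, iv) into `length` bytes. SHA-256 in counter mode is a
    stand-in here; the real cipher is not specified on this page."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + iv.to_bytes(8, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return bytes(out[:length])


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def time_tag(auth_key, new_time):
    """HMAC over a time value (assumed mitigation, not TETRA's design)."""
    return hmac.new(auth_key, new_time.to_bytes(8, "big"), hashlib.sha256).digest()


class NaiveRadio:
    """The IV is the local clock, and any broadcast may overwrite the clock."""

    def __init__(self, key, clock):
        self.key = key
        self.clock = clock  # always the next unused IV

    def time_update(self, new_time, tag=b""):
        self.clock = new_time  # accepted without any check
        return True

    def encrypt(self, plaintext):
        iv = self.clock
        self.clock += 1
        return iv, xor(plaintext, keystream(self.key, iv, len(plaintext)))


class HardenedRadio(NaiveRadio):
    """Time updates must be authenticated and must never move the clock back."""

    def __init__(self, key, clock, time_auth_key):
        super().__init__(key, clock)
        self.time_auth_key = time_auth_key

    def time_update(self, new_time, tag=b""):
        if not hmac.compare_digest(tag, time_tag(self.time_auth_key, new_time)):
            return False  # unauthenticated time broadcast
        if new_time < self.clock:
            return False  # would reuse an IV that has already been consumed
        self.clock = new_time
        return True


def iv_reuse_demo(radio, tag=b""):
    """Encrypt, replay the old time value, encrypt again.

    Returns (iv_repeated, plaintext_relation_exposed). The second flag is True
    when XOR of the two ciphertexts equals XOR of the two plaintexts, which is
    what a repeated (key, IV) pair gives away without the key being known.
    """
    p1 = b"UNIT 12 PROCEED TO SECTOR 4"  # constructed sample traffic
    p2 = b"UNIT 07 HOLD AT CHECKPOINT "
    iv1, c1 = radio.encrypt(p1)
    radio.time_update(iv1, tag)  # stale time arrives over the air
    iv2, c2 = radio.encrypt(p2)
    return iv1 == iv2, xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    print("naive   :", iv_reuse_demo(NaiveRadio(KEY, 1000)))
    print("hardened:", iv_reuse_demo(HardenedRadio(KEY, 1000, TIME_AUTH_KEY)))
```

The keystream here is fully determined by a 10-byte key and the IV, which is why it is a stream cipher rather than a one-time pad: its safety rests entirely on a (key, IV) pair never being used twice.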

  • @toxhax1241
    10 months ago

    Wow! This is crazy!

  • @U014B
    9 months ago

    10:13 Isn't that effectively what allowed the Enigma code to be broken?

  • @poochy661
    10 months ago

    Security by obscurity will NEVER work

  • @subliminalvibes
    10 months ago

    I agree off-the-bat, it should _never_ have been proprietary!

  • @Aera223
    10 months ago

    That means my XOR only encryption is a bit insecure, even with internal hash functions

  • @lepidoptera9337

    8 months ago

    Curiously, it's the most secure thing you can do, if you use one time pad ciphers. And honestly... why would you use anything else in a day and age of 4Tbyte SSD drives? One drive is enough for years of voice communications. ;-)

  • @MarkUKInsects
    10 months ago

    The issue I see with the likes of TEA2 is most of the kit is made outside the EU. Even if they shouldn't those external countries will have the implementation and it will likely be further subcontracted out to another tin pot outfit. Seen it so many times with propensity standards.

  • @momensy2136
    10 months ago

    Seems like an interesting topic ❤🔥

  • @rfvtgbzhn
    9 months ago

    14:57 probably that this mistake wouldn't have survived scrutiny was a reason to keep it secret. As they sold the whole system to basically enemy states, they didn't want them to know how weak their version was.

  • @trapfethen
    10 months ago

    This is one more example of why loosening encryption even a little bit (to allow say governments to unlock phones when they acquire a warrant) is always a bad idea. You fundamentally break the robustness of the algorithm and make things like this possible. There do even exist standards for multi-key cryptography (where more than one secret key can decrypt ciphertext made with the corresponding public key), but even that has to assume / trust that the secret key given to the third party won't be compromised or stolen. It is hard enough protecting secret keys in your possession, let alone formally verifying that a 3rd party has kept a second key secure.

  • @pierreabbat6157
    10 months ago

    What's this TEA? The TEA that I'm aware of is Tiny Encryption Algorithm, which is a block cipher, not a stream cipher.

  • @tocsa120ls
    10 months ago

    Good to know the EU wasted almost €2bn in 1995 money on this flawed system.

  • @ningayeti
    10 months ago

    The vulnerabilities were NOT a mistake. It was purposeful.

  • @supercompooper
    8 months ago

    Woah for a second i thought it affected Pokemon Go 😢 Whew!! ❤

  • @4pThorpy
    9 months ago

    If you're sending your enemies encryption methods...of course they're going to be weak?

  • @vesae2676
    10 months ago

    A proprietary standard sounds like some money somewhere changed some hands

  • @SinHurr
    9 months ago

    Tetra Burst sounds like a sick attack name

  • @KipIngram
    3 months ago

    Basing public safety infrastructure encryption on a proprietary standard is just a bad idea right from the jump. Basing it on a "government endorsed" standard (or, even worse, using "government endorsed" magic numbers) is downright madness. Our algorithms should be publicly discussed, and every entity should take responsibility for finding their own magic numbers so that NO ONE ELSE KNOWS THEM, even only in theory. The job of the cryptography community is to make this realistically possible, by providing straightforward open-source tools for doing the necessary establishment operations. In other words, the main job of the crypto community, in my opinion, is to get us past this "never roll your own crypto" era - we need for the best practice to be "always roll your own crypto, using the most up-to-date best practices."

  • @John-hk8ek
    7 months ago

    What's the likelihood of a police scanner coming soon?

  • @gcl2783
    10 months ago

    Security by obscurity ... isn't.

  • @drgr33nUK
    10 months ago

    I knew this video was coming. I haven't even watched the talk yet. Prime example of obscurity != security :) It's going to be like the 90s all over again, lol

  • @ChrisBreederveld

    10 months ago

    Came here to say the same: security by obscurity is no security at all

  • @johnqpublic2718

    10 months ago

    Most people could still spell and write in complete sentences in the 90s.

  • @LaughingOrange

    10 months ago

    @ChrisBreederveld That doesn't however mean obscurity is bad. Not using port 22 for SSH reduces exposure to automated attacks, but is not a replacement for a good password or forcing key-based authentication.

  • @alexhope212009
    10 months ago

    I really hate KZread shorts, this is the quality that makes KZread watchable at all.

  • @jasonschuler2256

    10 months ago

    Then just don’t watch shorts? What an odd comment.

  • @jamesp1389

    9 months ago

    @jasonschuler2256 yes it is quite easy to just not watch em very strange comment

  • @vilian9185
    10 months ago

    that's why wanting security with something proprietary is stupid

  • @sveu3pm
    10 months ago

    not to mention 2 on 32, but 2 on 80 is also bruteforcable nowadays. not in real time though. it's similar to 12 letter password. so tetra is completely useless if xor algorithm is all there is...

  • @TrickyNekro
    9 months ago

    me: Oh we get to hear the cops again! ... ... ( hears the feds muttering own address... )

  • @benjaminkuhn2878
    9 months ago

    You could say, it is just an exploit prob used by organisations for years (or decades).

  • @owensthethird
    8 months ago

    Security by obscurity at its finest

  • @lepidoptera9337

    8 months ago

    The mere idea that security exists in this space is a ridiculous misunderstanding of physics. A radio transmitter can always be located simply by the fact that it has to produce an energy flow that is above the noise background of the environment. No matter the protocol, it is always possible to detect the source of the transmission. For a criminal the detection of a police transmitter close to his physical location would usually be enough to cease the criminal activity. It is complete overkill to differentiate between "harmful" and "harmless" police presence for most such activities. That's why the police usually does not care about being listened to.

  • @aziztcf
    10 months ago

    Public money, public code! Donate to EFF, we need someone lobbying for our side.

  • @shemmo
    10 months ago

    finally i can listen to police chatter

  • @a4d9
    10 months ago

    Encryption rules: #1: Don't invent your own algorithm. #2: See rule #1.

  • @weirdsciencetv4999
    10 months ago

    I'm no criminal but I did like being able to exploit things like this because police should be accountable. I think the number of criminals actually listening to police (and even being able to use it to their advantage) is actually quite rare. Maybe you would want some standard that prevents insertion of messages, but it should allow you to hear public services in the clear

  • @AbelShields

    10 months ago

    I'm sure there are situations where you wouldn't want people to be able to just listen in - for example, if they're coordinating raids or a manhunt. Perhaps a different idea - they could carry on broadcasting encrypted messages (using an open, thoroughly tested protocol) and maybe release keys a day or a week later

  • @xeobit2781

    10 months ago

    Yeah a delayed system would be cool. Also body cams i feel should be harsher restrictions on "accidentally" deleting footage.

  • @snex000

    10 months ago

    @AbelShields Maybe in whatever shithole country you live in where government is sovereign and people are subjects. In America, it's the opposite. If cops can't do their jobs without violating peoples' rights, then too damn bad. Git gud.

  • @snex000

    10 months ago

    The only "criminals" with this kind of capability are people engaged in highly lucrative trade of goods that the government doesn't like - aka only criminals by statute. Dangerous murderers and rapists aren't sophisticated people but magically the government rarely finds the time to go track them down.

  • @weirdsciencetv4999

    10 months ago

    @AbelShields it would have to be a system that doesn’t rely on the good will of the police.

  • @kurasame92
    10 months ago

    Wow a symmetric key encryption protocol that gets broken that has never happened before.

  • @RT-qd8yl
    9 months ago

    If we don't know what our police are doing or saying, how do we know they're not intending to victimize us?

  • @lepidoptera9337

    8 months ago

    That's guaranteed by the law and only by the law. If you think that spying on the police will keep you safe from the police of a country that does not abide by human rights standards, then you are just kidding yourself... and not just a little.

  • @theohallenius8882
    8 months ago

    Imagine having to sign an NDA for this

  • @lepidoptera9337

    8 months ago

    An NDA is a legal document that defines a "reasonableness" standard for the safekeeping of trade secrets. It prevents both sides from bringing nonsense lawsuits. If you are ever exposed to somebody's trade secret without having a written NDA in place, be very careful. It might backfire if you are dealing with a possessive personality. With an NDA all you have to do is to keep their trade secrets as safe as you would your own, i.e. they can't require you to pay damages for accidental leaks if you abide by the low standards of the document, which are usually trivial. If you are used to keeping your own trade secrets in a file folder in a locked office and you have employment agreements that require your employees to keep their knowledge about your company and its operations to themselves, then you are done implementing security measures for your partner as well. They can't sue you for not keeping their documents in a safe inside a vault inside a military installation with double fences and armed guard towers. ;-)

  • @jplacido9999
    10 months ago

    TETRA is Terrestrial Trunking on a digital form to substitute the MPT analog which lacked capacity. But no Enterprise would buy a lousy system that was completely shattered by GSM and the likes... So they started selling to Governments that use people's money and don't care, as long as they get some kickbacks... TBSs transmitting all the time are a perfect target, and how come military personnel would use a system that cannot make radio silence on its own concept.... This is a money scheme...billions down the drain... TETRA was for truckers and delivery services, not for military or police or firemen work.... For that you use FHSS, anti-EMP, and the likes... All ignorants making decisions on what they don't understand....

  • @rfvtgbzhn

    9 months ago

    "All ignorants making decisions on what they don't understand" is just how politics generally works under capitalism.

  • @cannaroe1213
    10 months ago

    Should also be noted that UK police pushed TETRA, because of the mesh network officers then make, but the relay/transmit power of the handsets needed to pull that off gave many officers chest/lung/heart cancer.

  • @cannaroe1213

    10 months ago

    Also TETRA was known to be backdoored in the early 2000s, it's not that "no one knowed about it" - it was simply illegal (patent, IP) to say how. At least in the UK.

  • @mysticmarble94

    9 months ago

    lol ... "heart cancer"

  • @BezosAutomaticEye

    9 months ago

    Never short of tin foil in your house.

  • @cannaroe1213

    9 months ago

    @BezosAutomaticEye false, I'm actually constantly running out because the government is hiding my shopping lists.

  • @davidgillies620
    10 months ago

    Anyone who's ever had even a tangential involvement with an ETSI standards committee will know what a glacially slow, politically handicapped process it is. Technical considerations are definitely not at the top of the list when it comes to providing the design criteria.

  • @eternaldoorman5228
    @eternaldoorman5228 10 months ago

    Events like this start to look like straw-men for enhancing the false sense of security around the publicly available implementations. It's not just the public standards that have to be checked, it's the _implementations._ So the implementations of those public standards need to be open source. But even when they are open source, and even if they were formally verified, they are still vulnerable because the underlying OSes like Windows and Linux are not secure, and in fact these OSes have insecurity built in. Think for example of the common use of libraries like openssl to implement public cryptographic protocols. These libraries have a fixed publicly available interface. All the OS needs to do is provide a back door that allows a man-in-the-middle to intercept the API calls to libssl and all the cryptography in the world isn't worth the bubble gum under a school desk. It's all BS and hot air.

  • @lerpmmo
    @lerpmmo 7 months ago

    idk why iran would ever trust an american export in secure telecommunications tbh or vice versa lol

  • @LeDabe
    @LeDabe 10 months ago

    Sometimes, you want these vulnerabilities to exist.

  • @dvtt
    @dvtt 10 months ago

    If it's a European protocol why do American export restrictions matter? Also wasn't it not allowed to Iran regardless?

  • @jasonschuler2256

    @jasonschuler2256

    10 months ago

    He was talking about European export restrictions…

  • @dvtt

    @dvtt

    10 months ago

    @@jasonschuler2256 well he said American

  • @YuTv1408
    @YuTv1408 4 months ago

    How about Tera-Burgers and junk food -->> 300 lbs overweight

  • @cmuller1441
    @cmuller1441 10 months ago

    Security by obfuscation is not secure... One time pad should only be used once... Crypto Course 101...

  • @rubenkoker1911
    @rubenkoker1911 10 months ago

    his dunglish is great

  • @napukapu
    @napukapu 10 months ago

    Interdasting..

  • @my_unreasonably_long_username
    @my_unreasonably_long_username 10 months ago

    big heck

  • @haxwithaxe
    @haxwithaxe 10 months ago

    Rule #1 of development with crypto: *don't* roll your own crypto!

  • @snex000
    @snex000 10 months ago

    "You don't want people to know what police are saying to each other." Uhh what? So you don't want transparency in government? You want them to be able to conspire against citizens? You want them to be able to get their stories straight with each other before they write reports? All police radio traffic must be PUBLIC. WE pay for it.

  • @ikocheratcr

    @ikocheratcr

    10 months ago

    I agree with transparency, BUT not realtime. What I mean, is that police communications while some operation is going on, needs to be secret, but after they are done, all data needs to be public. Think of a raid, you do not want the raided to be aware of it, but after all is done, the public has the right to know what happened there.

  • @snex000

    @snex000

    10 months ago

    @@ikocheratcr Police shouldn't be doing "raids." They are not the military and citizens are not enemy combatants.

  • @Erhannis

    @Erhannis

    10 months ago

    @@snex000 That seems...impractical. I can imagine quite a few cases where raids seem called for - human trafficking, illegal weapons manufacturing operations, etc. I mean, I guess you could call in the military for all such operations? I'm on the fence about that one.

  • @snex000

    @snex000

    10 months ago

    @@Erhannis Human trafficking is only an issue because the government has illegally made it a crime to sell sexual services in a reputable manner. And what on earth is an "illegal weapon?" The right of the people to keep and bear arms shall not be infringed. You are just making my point for me. The ONLY reason you want secret police communications is to go after people who commit made up crimes that either have no victims or that only exist because the government has forced activity into a black market. Stop giving this kind of immense power to people who are supposed to be there to SERVE the people. They cannot be trusted with it. No one can.

  • @BobbyHill26

    @BobbyHill26

    10 months ago

    @@Erhannis the military is both better equipped and better trained for these types of scenarios, and the police, in America at least, have shown themselves time and time and time and time again to not handle them well. Cops use that to argue they need better equipment, then when they fail to use the better equipment, they say they need more training, then you get astronomical budgets going to the police of every town and city in the country so that they can pretend they are elite military personnel at the one big call every few years, where they tend to completely drop the ball.

  • @BlankBrain
    @BlankBrain 10 months ago

    I hope that if the Russians are using TETRA, that the public disclosure and resultant repair didn't alter the ability to decrypt their communications.

  • @OcteractSG
    @OcteractSG 10 months ago

    Garbage in, garbage out

  • @kuraz
    @kuraz 9 months ago

    5:44 sorry but i am stopping the video because of the sound that felt-tip pen makes. i can't stand it.

  • @WalnutBun
    @WalnutBun 10 months ago

    Here's hoping people lose their jobs over this shit. Not just at ETSI for allowing this to happen, but at all the agencies that chose to adopt a proprietary encryption standard that had never before gone through an external audit. This is the sort of shit that costs lives.

  • @A3Kr0n
    @A3Kr0n 10 months ago

    I don't even care anymore. We've destroyed ourselves with our "cleverness". I'm letting nature bat last.