After critical bug disclosures, TETRA emergency comms code goes public

The encryption algorithms used to secure emergency radio communications will now soon be released to the public domain, with the aim of encouraging code review and bug hunting.

The news comes after multiple vulnerabilities were found in TETRA, short for Terrestrial Trunked Radio, which is a radio voice and data standard mainly used by emergency services, such as police, fire brigade, and military, as well as in some industrial environments. The bugs were found by Midnight Blue Labs earlier this year, and the research was presented at Black Hat USA, showcasing additional zero-day vulnerabilities that could allow anyone to spy on or manipulate transmissions.

This decision to go public is a complete 180-degree turn for standard-maintainer ETSI, which originally pushed back against any claims of vulnerabilities within TETRA when they were initially found, claiming that the work to enhance the standard was already underway.

Since then, a technical committee overseeing the TETRA standard met in October to decide on making the algorithms open to the public. Ultimately, the group came to a unanimous decision to open-source all of the TETRA Air Interface cryptographic algorithms.

To read the complete article, visit Dark Reading.