Carding 4 Carders
Professional
Why are secret cryptographic algorithms the last century?
The European Telecommunications Standards Institute (ETSI) may soon publish the source code of closed cryptographic algorithms that are used to protect emergency radio communications in the TETRA protocol.
TETRA is a ground-based trunking radio communication protocol used primarily for police and government officials in European countries.
In July of this year, Dutch experts from Midnight Blue reported five vulnerabilities in TETRA, two of which are critical. With the help of these bugs, attackers could decrypt confidential conversations in real time, reveal the identity of participants, and even completely block communication by zeroing out session keys.
The found defects were given the general name TETRA: BURST. The researchers waited a year and a half before releasing the data, although this usually takes about 6 months. The delay is related to the particular importance of secure channels and the difficulty of fixing vulnerabilities in strategically important systems.
ETSI claims that the problems were fixed in October last year and there were no signs of their exploitation. However, the institute has recently been sharply criticized by cybersecurity experts. The very fact that TETRA's cryptographic algorithms are closed significantly complicates pentesting and other independent checks.
Most experts do not see such "protection" as necessary. For example, according to the famous cryptographer Matthew Green, secret algorithms are outdated and only exacerbate the security problems of communication systems: "This whole idea of secret encryption algorithms is madness in the spirit of the 1960s-70s. I don't see the point in keeping them private unless you're publishing weak code intentionally."
The decision will be made at the ETSI Technology Committee meeting on October 26. If no consensus is reached, the issue will be put to a vote.
The European Telecommunications Standards Institute (ETSI) may soon publish the source code of closed cryptographic algorithms that are used to protect emergency radio communications in the TETRA protocol.
TETRA is a ground-based trunking radio communication protocol used primarily for police and government officials in European countries.
In July of this year, Dutch experts from Midnight Blue reported five vulnerabilities in TETRA, two of which are critical. With the help of these bugs, attackers could decrypt confidential conversations in real time, reveal the identity of participants, and even completely block communication by zeroing out session keys.
The found defects were given the general name TETRA: BURST. The researchers waited a year and a half before releasing the data, although this usually takes about 6 months. The delay is related to the particular importance of secure channels and the difficulty of fixing vulnerabilities in strategically important systems.
ETSI claims that the problems were fixed in October last year and there were no signs of their exploitation. However, the institute has recently been sharply criticized by cybersecurity experts. The very fact that TETRA's cryptographic algorithms are closed significantly complicates pentesting and other independent checks.
Most experts do not see such "protection" as necessary. For example, according to the famous cryptographer Matthew Green, secret algorithms are outdated and only exacerbate the security problems of communication systems: "This whole idea of secret encryption algorithms is madness in the spirit of the 1960s-70s. I don't see the point in keeping them private unless you're publishing weak code intentionally."
The decision will be made at the ETSI Technology Committee meeting on October 26. If no consensus is reached, the issue will be put to a vote.
