Tuesday, May 27, 2025

TETRA Under Scrutiny: Critical Vulnerabilities Found

Based on the sources, these are the security issues and relevant details reported for each of the devices mentioned:

  • Motorola MTM5400

    • The Motorola MTM5400, a common TETRA radio model easily found second-hand, was used as a target device for the research.
    • It was used to demonstrate the feasibility of obtaining the underlying secret cryptographic primitives through reverse engineering using software exploitation techniques.
    • The device is built around the Texas Instruments OMAP-L138 SoC, which includes software security features like Secure Boot and a Trusted Execution Environment (TEE) intended to protect the cryptographic code.
    • Despite these security features, the researchers successfully gained arbitrary code execution on the ARM core by exploiting a format string vulnerability (CVE-2022-26941) found through static analysis of the device's AT modem command interface.
    • They pivoted to gain code execution on the DSP core because the SoC's Memory Protection Units (MPUs) and I/O Protection Units (IOPUs) were left unconfigured (CVE-2022-27813), allowing simple overwriting of DSP firmware in RAM.
    • Within the TEE on the DSP, they performed a cache timing side-channel attack (made possible by the DSP's cache control primitives accessible from non-secure mode) to recover bits of the AES key used to decrypt the TEE modules containing the cryptographic primitives. This vulnerability is registered as CVE-2022-25332.
    • Analysis of the device's Pseudo-Random Number Generator (PRNG) revealed it relies solely on the clock tick register for entropy (CVE-2022-26943). This predictability makes the device vulnerable to the session key pinning attack (CVE-2022-24400), allowing an attacker impersonating the infrastructure to establish an all-zero session key (DCK) without knowing the secret key K.
    • The MTM5400 can be persuaded to arbitrarily update its internal frame counters by spoofing unencrypted and unauthenticated SYNC and SYSINFO frames. This manipulation leads to the re-use of keystream (CVE-2022-24401, CVE-2022-24404), enabling keystream recovery attacks regardless of the TEA cipher used. The researchers validated this attack as working reliably in practice on the MTM5400 using a modified base station.
    • The MTM5400 also acknowledges frames destined for a talk group even though acknowledgments normally don't occur in a group context. This allowed tailoring the keystream recovery attack to target group-encrypted traffic.
    • The researchers expect most other Mobile Station (MS) models to be equally susceptible to the keystream re-use attack as they are not aware of deviations between the MTM5400's implementation and the TETRA standard.
    • The MTM5x00 radio firmware, which includes the MTM5400's firmware, was found to have 4 CVEs that allow for key extraction and persistent covert implants. Tools developed for this firmware series, including a disassembler plug-in, decompiler support, firmware unpacker, and utilities for instrumenting, debugging, monitoring, and packet injection, were publicly released.
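The keystream re-use issue described above (CVE-2022-24401) does not depend on the cipher, which the following added example illustrates; it is not code from the researchers or from any TETRA implementation. The keystream generator is an HMAC-SHA256 stand-in rather than a TEA cipher, and the key, messages, `DCK-1` label and `FrameCounterAudit` class are constructed for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, frame_counter: int, n: int) -> bytes:
    """Stand-in generator (HMAC-SHA256 in counter mode), NOT a TEA cipher.
    As in any stream cipher, the output is fixed by (key, frame_counter)."""
    out, block = b"", 0
    while len(out) < n:
        msg = frame_counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, frame_counter: int, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, frame_counter, len(plaintext)))

class FrameCounterAudit:
    """Hypothetical check: flags a counter value used twice under one key."""
    def __init__(self):
        self.seen = set()

    def observe(self, key_id: str, frame_counter: int) -> bool:
        """Return True when this (key, counter) pair has been used before."""
        pair = (key_id, frame_counter)
        reused = pair in self.seen
        self.seen.add(pair)
        return reused

def demo():
    key = bytes(range(16))  # constructed sample key
    # Constructed timeline: the counter advances, then is rewound to 1000,
    # as happens when an unauthenticated time broadcast is accepted.
    timeline = [(1000, b"UNIT 12 EN ROUTE"),
                (1001, b"STATUS NOMINAL  "),
                (1000, b"GATE CODE 4471  ")]
    audit = FrameCounterAudit()
    frames = [(fc, encrypt(key, fc, pt), audit.observe("DCK-1", fc))
              for fc, pt in timeline]
    flagged = [fc for fc, _, reused in frames if reused]
    # Same counter, same keystream: XOR of the two ciphertexts equals
    # the XOR of the two plaintexts, with no key material involved.
    leak = xor(frames[0][1], frames[2][1])
    leaks_plaintext_xor = leak == xor(timeline[0][1], timeline[2][1])
    distinct_when_advancing = keystream(key, 1000, 16) != keystream(key, 1001, 16)
    return flagged, leaks_plaintext_xor, distinct_when_advancing

if __name__ == "__main__":
    print(demo())
```

The audit flags only the rewound counter value, which is the invariant a receiver loses when it accepts time updates that are neither encrypted nor authenticated.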
  • Texas Instruments (TI) components (OMAP-L138 SoC, C6748 DSP, L138 development board)

    • Texas Instruments manufactures the Baseband SoC, specifically the OMAP-L138, used in the Motorola MTM5400. This means the TETRA cryptography in the MTM5400 is implemented in software, not hardware.
    • The OMAP-L138 SoC contains an ARM core and a TI C6748 DSP.
    • The SoC provides security features like Secure Boot and a Trusted Execution Environment (TEE). The TEE on the DSP is used by Motorola to load and execute confidential code, specifically the TETRA cryptographic primitives, protected from the non-secure environment.
    • However, 3 CVEs were found in the ROM code of the Texas Instruments OMAP-L138, which allow for breaking Secure Boot and the TEE.
    • The C6748 DSP has privilege levels (user/supervisor) and security levels (non-secure/secure). The secure kernel, provided in ROM by TI, runs in secure supervisor mode.
    • The TEE allows run-time loading of modules via the SK_LOAD API call. Modules are decrypted and signature checked before being copied to a secure address space. These modules are encrypted with AES-128.
    • The C6748 DSP offers fine-grained cache control functionality. A cache timing side-channel attack was successfully mounted against the TEE using these primitives, even from non-secure supervisor mode, affecting secure memory.
    • This side-channel attack was used to locate the AES S-box within the secure ROM.
    • The attack, targeting the first round of AES decryption, allowed the recovery of 48 bits of the 128-bit first round key (CVE-2022-25332) used for decrypting the module header. A more complex version of the attack could recover the full round key.
    • Distinct keys are used for decrypting the module header and body; the key for decrypting the body was also recovered using the cache timing attack.
    • An L138 development board was used to load assembly instructions and invoke functions to generate known-good test vectors, aiding in the reverse engineering and creation of equivalent C implementations of the recovered primitives.
  • Toshiba Satellite 4010CDS

    • This is an older laptop model from the late 1990s, specifically noted as having a 266 MHz Pentium II processor, a 4.1 billion byte hard disk, and 32MB SDRAM.
    • It was used in a demo titled "Party like the ‘90s".
    • Its inclusion serves to challenge the notion that the 32-bit effective key length of TEA1 would have been secure 25 years ago or that exploiting the backdoor requires "reasonable equipment".
  • NVIDIA GTX 1080 GPU

    • Described as "State-of-the-art... consumer hardware... in 2016...".
    • It was used to demonstrate the practical speed and low cost of performing brute-force and meet-in-the-middle attacks on the weak TEA1 stream cipher and the identity encryption scheme.
    • A proof-of-concept implemented in OpenCL running on this GPU could:
      • Exhaust the search space for the 32-bit reduced ECK in approximately 52 seconds.
      • Recover the full 80-bit key (with a complexity of 2^48) in approximately 7 minutes.
      • Perform the meet-in-the-middle attack on the identity encryption scheme (with a complexity of 2^40) in approximately 16 seconds.
    • Brian Murgatroyd, Chair of ETSI TC TETRA, referenced the researchers' ability to decrypt messages using a "very high-powered graphics card in about a minute," likely referring to results obtained on this GPU.
  • Motorola MBTS TETRA base station / EBTS base station firmware

    • An old Motorola MBTS base station was purchased to serve as a Proof of Concept (PoC) platform for the keystream recovery attack (CVE-2022-24401).
    • The researchers found vulnerabilities in the MBTS.
    • A module framework was developed for the MBTS to turn it into an attack platform.
    • The specific MBTS acquired lacked air interface encryption support out-of-the-box, but its firmware had the necessary prerequisites, including an empty stub for the stream cipher.
    • They gained the ability to inject arbitrary read/write/execute primitives into the MBTS firmware image, which was possible because the image is not cryptographically signed.
    • The empty TEA1 stream cipher stub in the firmware was replaced with the actual implementation.
    • A small framework allowed loading C code as an ELF executable module into the MBTS at runtime, enabling the insertion of key material (which normally requires a Motorola Key Variable Loader, or KVL) and the redirection of firmware code flow.
    • The modified MBTS was used in a lab setup with an MTM5400 to demonstrate the keystream recovery attack.
    • By overriding transmission procedures, they gained the ability to inject arbitrary messages.
    • The MBTS, acting as a base station, was used to implement the bootstrap and keystream expansion attack by tampering with network time and interpreting the MS's acknowledgments (or lack thereof) to infer keystream.
    • The attack on the MTM5400 was validated as working reliably using the modified MBTS.
    • Separately, 5 CVEs were found on EBTS base station firmware, allowing for key extraction and persistent covert implants.
  • Motorola MTM5x00 radio firmware

    • This refers to the firmware used by the Motorola MTM5000 series of radios, which includes the MTM5400.
    • 4 CVEs were found on this firmware, allowing for key extraction and persistent covert implants.
    • The TAA1 suite of cryptographic primitives is present in all MTM5x00 firmwares.
    • Tools specifically developed for working with this firmware series (disassembler support, decompiler support, firmware unpacking, and utilities for instrumenting, debugging, monitoring, and packet injection) were publicly released to facilitate further security research.
