We read about hacking law enforcement radio systems, then attended the session at Black Hat, and wondered about the motivation for this class of attack. Years ago, and probably always at DEF CON, breaking all the things was a priority, maybe just for lolz. But nation-states’ antennae will almost certainly go up with this news. Expect more attacks soon – the kind you may not hear about.
Attacks against critical infrastructure
Years ago we were asked whether early attacks against critical infrastructure were just one-offs or whether we could expect to see more. Years later, everyone understands that the threat is real, especially from ideologically motivated attackers, as in wartime operations.
Ransomware was a natural extension, but it begs a different question about nationally motivated attackers who simply want to gather intel undetected for as long as possible. By extension, it also begs the question of who already is sitting on law enforcement networks.
Legacy networks used in lots of stalwart communication environments are expected to operate – even in natural disasters – for decades, much like dams, water treatment plants, and the like. They are most concerned with reliability, and far less with security. Even if security suddenly became a focus, it’s not obvious that these systems, especially the older legacy ones, have the capabilities to implement it to any meaningful level.
Reluctant vendors
One of the presenters cited the general unwillingness of the proprietary Tetra radio systems crew to use anything besides proprietary encryption – the thing that the presenters broke in multiple ways. The European Telecommunications Standards Institute (ETSI) thought that having obscure, proprietary encryption seemed way more secure than using some open, widely vetted algorithm, even when presented with multiple weaknesses.
They also presented evidence at the talk that nation-states had previously shown a great deal of interest, and perhaps access, to Tetra-based equipment in national security contexts, so this is really nothing new, just obscure.
One of the barriers to researchers taking a look at the equipment is the hardware vendors’ extreme reluctance to let them gain hardware and software access at all. Not many researchers have the budget to spend large sums for a chance of proving there are issues, so they don’t. That means only nation-states – the ones with the most potential interest – would be sufficiently motivated… but likely to exploit, not fix.
Also, with the increasingly chilling global environment surrounding exports of tech that could be used by a future enemy, export restrictions reduce the ability and likelihood that the best encryption will be widely utilized (since Tetra radios are basically everywhere globally in some form), which could lessen future security even further.
Part of Black Hat is about studying to understand issues so they can be fixed, thereby helping us all to be more secure. Hiding behind a black box and hoping no one will hack it has been routinely proven to be unwise and less secure; we hope the emergency communications folks we all rely on for support during critical events aren’t just unwitting victims.