根据 wired报导，TETRA作为一种无线电通讯协议，存在一个后门，该后门已存在多年，但由于加密算法不公开，一直以来供应商对其遮遮掩掩，直到最近一个荷兰机构公开发表了这个后门。本文部分内容摘自wired报导。

背景

上世纪末，European Telecommunications Standards Institute 开发了TETRA协议，并且制定了4种加密规则，分别是TEA1, TEA2, TEA3, TEA4。四种加密规则都是不公开的，都使用80bit的秘钥。

TEA1

TEA1 is for commercial uses; for radios used in critical infrastructure in Europe and the rest of the world, though, it is also designed for use by public safety agencies and military, according to an ETSI document, and the researchers found police agencies that use it.

TEA2

TEA2 is restricted for use in Europe by police, emergency services, military, and intelligence agencies.

TEA3

TEA3 is available for police and emergency services outside Europe—in countries deemed “friendly” to the EU, such as Mexico and India; those not considered friendly—such as Iran—only had the option to use TEA1.

TEA4

TEA4, another commercial algorithm, is hardly used。

漏洞1

该漏洞影响使用TEA1的TETRA网络，无法通过软件更新修复。

TEA1有一个后门，开启之后实际上使用的秘钥是32bit的。在该协议开发的时候，32bit的秘钥是难以破解的，但是在算力充沛的当今，仅需要一台便携笔记本不到一分钟就可以破解。该漏洞在被荷兰的研究所发现之前，实际上已经为制造商和政府机构所熟知了，根据wikileak的一篇文件，一个意大利厂商本来要给伊朗提供警用无线电，美国表示反对，意大利厂商的回复是，这些警用无线电使用的是低于40bit的秘钥，已经是破烂货了，美国没必要反对。

该漏洞的后果就是，一个黑客可以擅自加入一个TETRA网络，对网络中的其他设备发信，截获其他设备的发信。

漏洞2

该漏洞影响所有TETRA网络，可以通过软件更新修复

When a TETRA radio contacts a base station, they initiate communication with a time sync. The network broadcasts the time, and the radio establishes that it’s in sync. Then they both generate the same keystream, which is tied to that timestamp, to encrypt the subsequent communication.

“The problem is that the network broadcasts the time in packets that are unauthenticated and unencrypted,” says Wetzels.

As a result, an attacker can use a simple device to intercept and collect encrypted communication passing between a radio and base station, while noting the timestamp that initiated the communication. Then he can use a rogue base station to contact the same radio or a different one in the same network and broadcast the time that matches the time associated with the intercepted communication. The radio is dumb and believes the correct time is whatever a base station says it is. So it will generate the keystream that was used at that time to encrypt the communication the attacker collected. The attacker recovers that keystream and can use it to decrypt the communication collected earlier.

To inject false messages, he would use his base station to tell a radio that the time is tomorrow noon and ask the radio to generate the keystream associated with that future time. Once the attacker has it, he can use the keystream to encrypt his rogue messages, and the next day at noon send them to a target radio using the correct keystream for that time.

中国的无加密TETRA

根据对讲机世界的一篇报导，中国使用的TETRA系统是无加密的，新的无线电加密通信基本上是使用自主知识产权的PDT系统。