TETRA Radio Security: Uncovering Secret Cryptography in Law Enforcement Communications

Explore the groundbreaking journey of radio jailbreaking that led to the first public disclosure and security analysis of the proprietary cryptography used in TETRA (Terrestrial Trunked Radio). Delve into the process of uncovering the secret algorithms that have remained hidden for over two decades, bound by restrictive NDAs. Learn about the reverse-engineering techniques and exploitation of zero-day vulnerabilities in the Motorola MTM5x00 TETRA radio and its TI OMAP-L138 trusted execution environment. Discover the challenges faced in side-channel attacks on DSPs, writing decompilers for complex DSP architectures, and exploiting ROM vulnerabilities in the Texas Instruments TEE. Gain insights into the critical importance of this technology, widely used by government agencies, emergency services, and in industrial environments, and understand the implications of its security analysis.

All cops are broadcasting: Obtaining the secret TETRA primitives after decades in the shadows