Jos Wetzels
Jos Wetzels is a co-founding partner at Midnight Blue. His research has involved reverse-engineering, vulnerability research and exploit development across various domains ranging from industrial and automotive systems to IoT, networking equipment and deeply embedded SoCs. He has discovered zero-day vulnerabilities across tech stacks ranging from bootloaders and RTOSes to proprietary protocol implementations.
At Midnight Blue, he has consulted to government agencies, grid operators, and Fortune 500 companies worldwide and has been involved in the first ever public analysis of the TETRA radio standard used by police and critical infrastructure globally - uncovering several critical vulnerabilities.
Prior to founding Midnight Blue, he worked as a security researcher and reverse engineer at Forescout where he developed state-of-the-art intrusion detection capabilities for Operational Technology (OT) environments. Jos is a regular conference speaker and has presented at events such as Black Hat, DEF CON, CCC, Usenix, HITB, OffensiveCon, ReCon, EkoParty, and others.
Session
In August 2023, we published the TETRA:BURST vulnerabilities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure. Authentication and encryption within TETRA were handled by proprietary cryptographic cipher-suites, which had remained secret for over two decades through restrictive NDAs until our reverse-engineering and publication.
This talk is not TETRA:BURST, but dives into the latest TETRA revision introduced in 2022. Most notably, it contains a new suite of cryptographic ciphers. Of course the cipher available for critical infrastructure and civilian use (TEA7) is intentionally crippled, and of course these ciphers were to be kept secret, but this decision was overruled due to public backlash following our publication last year. In this talk we will present a practical attack on the TEA7 cipher, which while taking a 192-bit key, only offers 56 bits of security. Furthermore, we point out improvements and shortcomings of the new standard, and present an update on TEA3 cryptanalysis, where we previously found a suspicious feature, and draw a parallel with its successor TEA6.
All in all, in this short and relatively crypto-forward talk, we assess with all-new material whether the new TETRA standard is fit for its intended purpose. This crucial technology seeks to once again take a very central role in our society for decades to come, and its cryptographic resilience is of fundamental importance - for emergency networks, but possibly even more for our critical infrastructure and associated processes.