Jailbreaking TETRA Digital Radios and Base Stations - Security Analysis and Vulnerabilities

Explore a groundbreaking security conference talk that reveals the first public disclosure and analysis of TETRA (Terrestrial Trunked Radio) cryptography - a standard widely used by government agencies, police, military, and critical infrastructure worldwide. Dive deep into the radio jailbreaking process that exposed previously secret cipher suites (TEA and TAA1) kept under restrictive NDAs for decades. Learn about multiple security flaws enabling passive and active adversaries to intercept and manipulate TETRA traffic, including a discovered backdoored stream cipher. Follow the technical journey through reverse-engineering and exploiting 0-day vulnerabilities in Motorola MTM5x00 radio and TI OMAP-L138 TEE, covering side-channel attacks on DSPs, custom decompiler development, and achieving code execution on Motorola MBTS TETRA base stations for research purposes.