Zeroth of all, the people who have backdoor - EU intel agencies - don’t have any motive to attack TEA1 radios within their range. This might provide them with tools to snoop on non-EU firetruck radios, but that’s all. That’s some very limited NOBUS capability
First of all, it’s an attack on something that is transmitted most usually on 430ish MHz - you need to be within few km of target just to listen. This is enough to break TEA1 if you know about the backdoor, but if you want to do anything more - like exploit CVE-2022-24401 - you need to be close enough to receive victim’s signal, but also you need to spoof part of base station signal - remember, you don’t wanna get caught, so you have to use low power and point directional antenna at cops - and you need to be even closer, maybe even following them within line of sight for it to work reliably
Proof of concept code wasn’t published, you still need considerable resources to get to exploitation in principle in the first place and then you have to be physically close to decrypt some communications. This still doesn’t allow for sending forged messages because there’s also authentication mechanism that you’d also need to take care of. This is some state-level resources, not two dudes in a shed scale of resources
The concept still persists, normalizing stuff having backdoors shouldn’t be a thing. The government will do as government does but we shouldn’t just think it’s always safe and let them know we’re okay with it
I get what you’re saying, i’m saying that average joe hasn’t really been exposed much because distribution of this vulnerable technology is limited and actual exploitation has some serious constraints
Great, now look at the actual vulnerabilities
Zeroth of all, the people who have backdoor - EU intel agencies - don’t have any motive to attack TEA1 radios within their range. This might provide them with tools to snoop on non-EU firetruck radios, but that’s all. That’s some very limited NOBUS capability
First of all, it’s an attack on something that is transmitted most usually on 430ish MHz - you need to be within few km of target just to listen. This is enough to break TEA1 if you know about the backdoor, but if you want to do anything more - like exploit CVE-2022-24401 - you need to be close enough to receive victim’s signal, but also you need to spoof part of base station signal - remember, you don’t wanna get caught, so you have to use low power and point directional antenna at cops - and you need to be even closer, maybe even following them within line of sight for it to work reliably
Proof of concept code wasn’t published, you still need considerable resources to get to exploitation in principle in the first place and then you have to be physically close to decrypt some communications. This still doesn’t allow for sending forged messages because there’s also authentication mechanism that you’d also need to take care of. This is some state-level resources, not two dudes in a shed scale of resources
The concept still persists, normalizing stuff having backdoors shouldn’t be a thing. The government will do as government does but we shouldn’t just think it’s always safe and let them know we’re okay with it
I get what you’re saying, i’m saying that average joe hasn’t really been exposed much because distribution of this vulnerable technology is limited and actual exploitation has some serious constraints