Slovenian University Student & Security Researcher Almost Jailed for Researching TETRA with an RTL-SDR

Dejan Ornig, a 26-year-old student at the University of Maribor’s Faculty of Criminal Justice and Security, was recently almost jailed for finding a security flaw in Police TETRA communications in his home country of Slovenia. Back in 2013 his University Computer Science class of 25 was assigned a task to research security vulnerabilities in TETRA. TETRA is an RF digital communications protocol often used by authorities due to its ability to be secured via encryption. During his research he used an RTL-SDR and the open source Osmocom TETRA decoder, and discovered a flaw in the Slovenian Police’s TETRA configuration which meant that communications that were supposed to be encrypted were often being broadcast in the clear. Translated, Ornig said:

For $20 I bought a DVB-T receiver (RTL-SDR), on the Internet, I have found also freely available and open-source software OsmoCOM. Free access solution for decoding the signal Tetra eighth-tetra is already prepared in advance programming framework based on the platform GNU.

He goes on to say (translated):

I was even more surprised when I found that most users do not have authentication turned on the radio terminal, even though the Ministry of the Interior in the documents and tenders repeatedly wrote to all the radio terminals to access networks using authentication.

Shortly after discovering the flaw, Dejan privately contacted the authorities with his findings. But after two years of repeatedly contacting them and waiting for a fix, Dejan decided to take his story to a local news agency in February 2015. At this point the Slovenian Police became interested in Dejan and, instead of fixing the problem, decided to conduct a search of his house, seizing his computer and RTL-SDR. After the search the Police made life harder for Ornig by trying to pile on other problems. During the search they found a “counterfeit police badge” in his house and apparently accused him of impersonating a police officer, and after a search of his PC they also decided to charge him after finding out that he had covertly recorded his ex-employer calling him an “idiot”.

Ornig has now been given a 15-month suspended jail sentence for attempting to “hack” the TETRA network. Fortunately, the suspended part means that in order to stay out of jail Ornig simply must not repeat his crime within 3 years. While SDRs and radios are not illegal in most countries, this is a reminder to professional and amateur security researchers to check that what you are doing is legal in your country. Even if it is for the overall good, Police often do not have the technical competence to understand security researchers and may react illogically to findings. The good news about Ornig’s story is that, apart from the suspended jail sentence, the authorities appear to have now worked with him to fix the problems.

TETRA Decoding

Story Sources:
[http://www.ibtimes.co.uk/researcher-jailed-finding-security-flaws-police-communications-1561600]
[http://siol.net/novice/slovenija/kako-za-20-evrov-prisluskovati-slovenskim-varnostnim-organom-video-44923]
[https://podcrto.si/odziv-na-trditve-policije-glede-varnosti-komunikacijskega-sistema-tetra]

7 comments

  1. Mitja

    well in Slovenija you should tell anyone if you are doing such stuff because they will crush you like a paper cup
    If I decoded traffic lights like Sebastian did in Germany I would probably be accused of hacking street safety

  2. Bob

    The fool should have told the fuckers to piss off instead of trying to help them. A sane person would recognize the fact that the enforcers are his ENEMIES when they started stealing his life’s time. Liberalism is a mental disorder that seems to be shared by a lot of people these days.

  3. bond

    nice one dude.
    They don’t like it when you give them some of their own medicine. They (EU-UK-GCHQ-USA-NSA: Data surveillance) can wire tap us and eavesdrop on our internet and cellphone usage so I call it payback.

  4. Marty

    The 5 stages of most large organisations reacting to security problems.
    2 years of “denial”
    2 months of “anger”
    2 days of “bargaining”
    2 hours of making Dejan Ornig “depressed”
    worldwide “acceptance” of the incompetence of the Slovenian Police, Army, military police, prisons, financial administration, DARS, and the government in dealing with this.

    The really funny thing is that usually the bigger the cockup the more money that is given to the people who created the problem in the first place. Normally they hire back the exact same people who created the problems, because they know the systems best, secrecy, and they already have a financial system in place to deal with payment. Bringing new people in would require adding them to the financial system as a new vendor, awkward questions as to why a new vendor is needed and then lots of time to get the new vendor up to speed on the broken system and then fix it properly, but that would take longer and cost more than hiring back the same idiots again.

  5. Nate

    Talk about insanity. I’m sure the engineers manufacturing TETRA products would say something like the following:

    “This vulnerability was only discovered by a highly trained hacker working for years to break our protocol, he could not have done this without insider access to millions of dollars of highly sophisticated equipment provided by company insiders or mob bosses. Also, he didn’t crack anything, everything was secure at all times. But if something did, uh, happen to our security, NO ONE could do this with a worthless $20 TV chip found on the internet! This was an inside job, but you see it doesn’t matter because he could not and did not crack our super-ultra-secure systems, which is still super-ultra secure..”

  6. Harold Giddings

    This had nothing to do with the law and everything to do with scared crooked cops that didn’t want to fix their radio problems but rather science the man trying to help them.
