Dale Wooden

**Name of the Vulnerable Software and Affected Versions** goTenna Pro ATAK Plugin (affected versions not specified) **Description** The issue concerns a payload length vulnerability. It makes it possible to determine the length of the payload regardless of the encryption used, as the goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate message lengths. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro ATAK Plugin (affected versions not specified) **Description** The issue allows an attacker to inject custom messages with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This can be exploited if the device is used in an unencrypted environment or if the cryptography has already been compromised. For higher security operations, it is advised to use encryption shared with a local QR code. **Recommendations** As a temporary workaround, consider using encryption shared with a local QR code for higher security operations. Restrict the use of the goTenna Pro ATAK Plugin in unencrypted environments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro ATAK Plugin (affected versions not specified) **Description** The issue concerns the transmission of the encryption key name in an unencrypted manner when sent over RF through a broadcast message, potentially revealing the location of operation. It is recommended to share the encryption key via local QR for higher security operations. **Recommendations** As a temporary workaround, consider sharing the encryption key via local QR for higher security operations. Restrict the use of broadcast messages for sending encryption keys to minimize the risk of exploitation. Avoid using RF broadcasts for sensitive information until a more secure method is implemented.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro ATAK Plugin (affected versions not specified) **Description** The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. **Recommendations** Update to the current release for enhanced encryption protocols. As a temporary workaround, consider using additional integrity checking mechanisms to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro ATAK Plugin (affected versions not specified) **Description** The goTenna Pro ATAK Plugin application stores encryption keys along with a static IV on the device, allowing for complete decryption of keys stored on the device. This enables an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro ATAK Plugin (affected versions not specified) **Description** The goTenna Pro ATAK Plugin has a default setting to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. This can lead to users accidentally broadcasting their location unencrypted if they are unaware of their settings and have not activated encryption before a mission. **Recommendations** Update to the latest Plugin to disable the default setting of sharing PLI updates every 60 seconds. As a temporary workaround, consider verifying PLI settings to the desired rate and activate encryption prior to mission. Restrict access to the plugin's default settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro ATAK plugin (affected versions not specified) **Description** The issue concerns the use of weak passwords for sharing encryption keys via the key broadcast method in the goTenna Pro ATAK plugin. If the broadcasted encryption key is captured and the password is cracked via a brute force attack, it is possible to decrypt the key and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This issue only applies when the key is broadcasted over RF. Additionally, the encryption keys are stored along with a static IV on the device, allowing for complete decryption of keys stored on the device and enabling an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device. **Recommendations** As a temporary workaround, consider using local QR encryption key sharing for additional security. Restrict the use of the key broadcast method over RF to minimize the risk of exploitation. Avoid using the static IV for encryption key storage until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin (affected versions not specified) Description: The issue is related to the generation of passwords for sharing cryptographic keys, where the goTenna Pro ATAK Plugin does not utilize SecureRandom. Instead, it uses a random function that is not suitable for cryptographic purposes, making it easier for attackers to brute force the password if the broadcasted encryption key is captured. This primarily affects the optional broadcast of an encryption key, and it is recommended to share the key via a local QR code for higher security operations. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin versions prior to the current version Description: The goTenna Pro ATAK Plugin does not encrypt callsigns in messages, potentially revealing sensitive information about users. It is advised not to use sensitive information in callsigns when using this and previous versions of the plugin. The issue can be mitigated by updating to the current plugin version, which uses AES-256 encryption for callsigns in encrypted operation. Recommendations: Update to the current plugin version, which uses AES-256 encryption for callsigns in encrypted operation. As a temporary workaround, consider not using sensitive information in callsigns until the update is applied.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro App versions (affected versions not specified) goTenna Pro X goTenna Pro X2 **Description** The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and the password is cracked via a brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. **Recommendations** For goTenna Pro App, consider using local QR encryption key sharing for additional security. For goTenna Pro X, use local QR encryption key sharing for additional security. For goTenna Pro X2, use local QR encryption key sharing for additional security. As a temporary workaround, consider disabling the key broadcast method until a patch is available. Restrict access to the key broadcast feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro App (affected versions not specified) goTenna Pro X goTenna Pro X2 **Description** The encryption keys in the goTenna Pro App are stored along with a static IV on the End User Device (EUD), allowing for complete decryption of keys if the device is physically compromised. This enables an attacker to decrypt all encrypted broadcast communications based on the stored encryption keys. To mitigate this, strong access control measures and layered encryption on the EUD are recommended for more secure operation. **Recommendations** For goTenna Pro App, consider using strong access control measures and layered encryption on the End User Device for more secure operation. For goTenna Pro X, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For goTenna Pro X2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro App (affected versions not specified) goTenna Pro X (affected versions not specified) goTenna Pro X2 (affected versions not specified) **Description** The goTenna Pro series uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. **Recommendations** Update to the current release for more secure operations. As a temporary workaround, consider using additional integrity checking mechanisms to minimize the risk of exploitation. Restrict access to sensitive messages to minimize the risk of exploitation until a more secure version is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro App versions prior to the current app version **Description** The issue concerns the lack of encryption for callsigns in messages. This could potentially reveal sensitive information about users and may be leveraged for other vulnerabilities. It is recommended not to use sensitive information in callsigns when using affected versions of the app. The current app version uses AES-256 encryption for callsigns in encrypted operation. **Recommendations** Update the app to the current version, which uses AES-256 encryption for callsigns in encrypted operation. As a temporary workaround, consider not using sensitive information in callsigns until the app is updated.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro App (affected versions not specified) goTenna Pro X (affected versions not specified) goTenna Pro X2 (affected versions not specified) goTenna Pro series (affected versions not specified) **Description** The issue allows an unauthenticated attacker to manipulate messages due to the lack of public key authentication. This can lead to message interception and manipulation. It is recommended to update the app to the current release for enhanced encryption protocols. **Recommendations** For goTenna Pro App, update to the current release for enhanced encryption protocols. For goTenna Pro X, update to the current release for enhanced encryption protocols. For goTenna Pro X2, update to the current release for enhanced encryption protocols. For goTenna Pro series, update to the current release for enhanced encryption protocols.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro App (affected versions not specified) goTenna Pro X (affected versions not specified) goTenna Pro X2 (affected versions not specified) **Description** The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This issue only applies to the optional broadcast of an encryption key. For higher security operations, it is advised to share the key with a local QR code. **Recommendations** For goTenna Pro App, consider disabling the broadcast of encryption keys until a patch is available. For goTenna Pro X, restrict access to the key sharing feature to minimize the risk of exploitation. For goTenna Pro X2, avoid using the broadcasted encryption key until the issue is resolved. As a temporary workaround, consider sharing keys with a local QR code for higher security operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro App (affected versions not specified) goTenna Pro X goTenna Pro X2 **Description** The issue allows an attacker to inject custom messages with any GID and Callsign into existing goTenna mesh networks using a software-defined radio. This can be exploited in unencrypted environments or if the cryptography has been compromised. **Recommendations** For goTenna Pro App, update the app to the current release for enhanced encryption protocols. For goTenna Pro X and goTenna Pro X2, update the app to the current release for enhanced encryption protocols. As a temporary workaround, consider sharing encryption keys via QR scanning for higher security operations.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro App (affected versions not specified) goTenna Pro X (affected versions not specified) goTenna Pro X2 (affected versions not specified) **Description** The goTenna Pro App encryption key name is sent unencrypted when shared over RF through a broadcast message, potentially revealing the location of operation. It is recommended to share the encryption key via local QR for higher security operations. **Recommendations** For goTenna Pro App, consider sharing the encryption key via local QR instead of over RF through a broadcast message to minimize the risk of exploitation. For goTenna Pro X, consider sharing the encryption key via local QR instead of over RF through a broadcast message to minimize the risk of exploitation. For goTenna Pro X2, consider sharing the encryption key via local QR instead of over RF through a broadcast message to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro App (affected versions not specified) goTenna Pro X and Pro X2 (affected versions not specified) **Description** The issue is related to the goTenna Pro App not injecting extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used. **Recommendations** For goTenna Pro App, consider implementing a payload length obfuscation mechanism to prevent attackers from determining the length of the payload. For goTenna Pro X and Pro X2, consider implementing a payload length obfuscation mechanism to prevent attackers from determining the length of the payload. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** goTenna Pro App (affected versions not specified) goTenna Pro X (affected versions not specified) goTenna Pro X2 (affected versions not specified) **Description** The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. This issue affects the encryption protocols used by the app. **Recommendations** For goTenna Pro App, update your app to the current release for enhanced encryption protocols. For goTenna Pro X, update your app to the current release for enhanced encryption protocols. For goTenna Pro X2, update your app to the current release for enhanced encryption protocols.