iTnews Asia

TETRA radio protocol found to be vulnerable

Weak encryption in emergency services radio.

By Richard Chirgwin on Jul 26, 2023 11:54AM

Dutch security researchers have disclosed a collection of vulnerabilities in the TETRA protocol used in emergency services, military, infrastructure and other applications.

Collectively dubbed TETRA.BURST, the vulnerabilities “allow for real-time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning”, the researchers from company Midnight Blue said.

The vulnerabilities have been designated CVE-2022-24401, CVE-2022-24402, CVE-2022-24404, CVE-2022-24403, and CVE-2022-24400, all of which are cryptographic flaws of some kind.

Most of the vulnerabilities, the researchers wrote, affect all TETRA networks, but vendors have begun shipping firmware patches.

Some need mitigation via “compensating controls”, the authors said.

Two of the vulnerabilities, CVE-2022-24401 and CVE-2022-24402, are rated critical.

CVE-2022-24401 allows decryption oracle attacks, because TETRA’s air interface encryption keystream “relies on the network time, which is publicly broadcast in an unauthenticated manner”, the researchers said.

A capable adversary could “intercept or manipulate law enforcement and military radio communications”.

CVE-2022-24402 is a backdoor in TETRA’s TEA1 algorithm, used to encrypt the air interface.

The backdoor “reduces the original 80-bit key to a key size which is trivially brute-forceable on consumer hardware in minutes,” the researchers said.

This constitutes a “full break of the cipher”, they wrote, “allowing for interception or manipulation of radio traffic.”

As well as intercepting traffic, an attacker could inject traffic.

For example, if an electricity utility was using TETRA for SCADA communications, an attacker could “perform dangerous actions such as opening circuit breakers in electrical substations”.

CVE-2022-24403 (a user deanonymisation vulnerability) and CVE-2022-24404 (a lack of ciphertext authentication on the air interface) are rated high severity, while CVE-2022-24400 is a low-severity flaw in the authentication algorithm.

For CVE-2022-24401 and CVE-2022-24404, firmware patches are available; CVE-2022-24402 and CVE-2022-24403 can be mitigated using end-to-end encryption; and CVE-2022-24400 is fixed by migrating to TAA2.
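The root cause reported for CVE-2022-24401, a keystream that depends on an unauthenticated broadcast time, can be seen in a toy model. This is an added illustration, not code from Midnight Blue or any TETRA vendor. The SHAKE-based generator, the HMAC-tagged time broadcast, and all class and function names are assumptions; the article does not describe how the vendor patches work.

```python
import hashlib
import hmac

def keystream(key: bytes, time: int, length: int) -> bytes:
    """Toy generator (not TETRA's): output depends only on key and time value."""
    return hashlib.shake_256(key + time.to_bytes(8, "big")).digest(length)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def time_tag(auth_key: bytes, time: int) -> bytes:
    return hmac.new(auth_key, time.to_bytes(8, "big"), hashlib.sha256).digest()

class NaiveRadio:
    """Trusts any broadcast time, so a stale value rewinds the keystream."""
    def __init__(self, key: bytes):
        self.key, self.time = key, 0

    def on_time_broadcast(self, time: int, tag: bytes = b"") -> bool:
        self.time = time
        return True

    def encrypt(self, frame: bytes) -> bytes:
        ct = xor(frame, keystream(self.key, self.time, len(frame)))
        self.time += 1  # local clock advances one step per frame
        return ct

class HardenedRadio(NaiveRadio):
    """Assumed mitigation: broadcast must carry a valid MAC and never rewind."""
    def __init__(self, key: bytes, auth_key: bytes):
        super().__init__(key)
        self.auth_key = auth_key

    def on_time_broadcast(self, time: int, tag: bytes = b"") -> bool:
        ok = hmac.compare_digest(tag, time_tag(self.auth_key, time))
        if not ok or time < self.time:
            return False
        self.time = time
        return True

def keystream_reused(radio, time: int, tag: bytes = b"") -> bool:
    """Sync, send two frames, replay the same broadcast, send a third frame."""
    m1, m3 = b"UNIT 12 RESPOND", b"ALL CLEAR AT 5 "  # constructed sample frames
    radio.on_time_broadcast(time, tag)
    c1 = radio.encrypt(m1)
    radio.encrypt(b"intermediate frame")
    radio.on_time_broadcast(time, tag)  # replayed stale broadcast
    c3 = radio.encrypt(m3)
    return xor(c1, c3) == xor(m1, m3)  # True means both frames shared keystream
```

In the naive receiver the replayed broadcast makes two frames share a keystream, so the XOR of the ciphertexts equals the XOR of the plaintexts. The hardened receiver rejects the rewind even though the replayed tag is valid.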

Copyright © iTnews.com.au. All rights reserved.