TETRA is a radio technology that is used by law enforcement, the military, critical infrastructure, and industrial companies, and it is apparently littered with critical bugs that allow attackers to take over communications.
A trunked radio system is a two-way radio system that uses a control channel to automatically assign frequency channels to groups of user radios. It has a longer range and needs fewer base stations, making it the top choice for organizations that value speed, operate remotely, or need uninterrupted comms.
Cybersecurity firm Midnight Blue analyzed the system and found various weaknesses, which were detailed in a report titled TETRA:BURST.
The researchers stated: “Depending on infrastructure and device configurations, these vulnerabilities allow for real-time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning.”
According to Cybernews, two of the five bugs researchers found were deemed “critical,” with one allowing attackers to brute force hardware in mere minutes. Two of the remaining three are of high severity, with the last one having a severity level described as low.
Midnight Blue researchers also said: “The issues of most immediate concern, especially to law enforcement and military users, are the decryption oracle and malleability attacks, which allow for interception and malicious message injection against all non-end-to-end encryption protected traffic regardless of which TEA (Tiny Encryption Algorithm) cipher is used.”
Another danger is that attackers might break TETRA’s cipher, which could lead to unauthorized interception or manipulation of radio traffic. Threat actors could then leverage the flaws to intercept radio communications of private security services at harbors, airports, and railways, or alternatively inject data traffic used for monitoring and control of industrial equipment.
“Decrypting this traffic and injecting malicious traffic allows an attacker to potentially perform dangerous actions such as opening circuit breakers in electrical substations or manipulate railway signaling messages,” researchers said.
According to the report’s authors, the issues can be dealt with using a combination of available patches and compensating controls detailed in the report.