TETRA:BURST: Critical Vulnerabilities Uncovered in Widely Adopted Radio Communication System: The Terrestrial Trunked Radio (TETRA) communication system, widely used by government entities and critical infrastructure sectors, has recently been exposed to a set of five security vulnerabilities.
These vulnerabilities, known as TETRA:BURST, have the potential to compromise sensitive information.
This news item delves into the details of the vulnerabilities, their potential impact, and the implications for organizations relying on TETRA-based radios.
Key Takeaways to TETRA:BURST: Critical Vulnerabilities Uncovered in Widely Adopted Radio Communication System:
- Midnight Blue, a Netherlands-based cybersecurity company, discovered five vulnerabilities in the TETRA communication system, potentially enabling real-time decryption, message injection, user deanonymization, and session key pinning.
- TETRA is extensively used in over 100 countries for police radio communication and critical infrastructure control, including power grids, gas pipelines, and railways.
- Some of the critical vulnerabilities identified (CVE-2022-24401 and CVE-2022-24402) could lead to severe consequences, such as decryption oracle attacks, and manipulation of control systems, presenting potential risks to essential services.
The Terrestrial Trunked Radio (TETRA), a communication system utilized by government entities and vital infrastructure sectors, faces significant security concerns with the disclosure of five new vulnerabilities named TETRA:BURST.
These vulnerabilities, discovered by cybersecurity firm Midnight Blue in 2021, raise alarms about potential threats to sensitive information. Although there is no evidence of exploitation yet, the vulnerabilities pose serious risks to TETRA’s security.
TETRA: A Widely Used Radio Communication Standard
TETRA, standardized by the European Telecommunications Standards Institute (ETSI) in 1995, is extensively adopted in more than 100 countries. Besides serving as a police radio communication system outside the U.S., TETRA plays a pivotal role in controlling critical infrastructures like power grids, gas pipelines, and railways.
Its crucial application extends to the United States, where TETRA-based radios are estimated to be in use across at least two dozen critical infrastructures.
Guarded Cryptographic Algorithms Under Threat
The robustness of TETRA’s security lies in a collection of secret cryptographic algorithms—the TETRA Authentication Algorithm (TAA1) suite and the TETRA Encryption Algorithm (TEA) suite.
These algorithms have been closely guarded as trade secrets, protected under non-disclosure agreements (NDAs).
However, Midnight Blue’s reverse engineering revealed vulnerabilities within these algorithms, raising concerns about their reliability and security.
Critical Vulnerabilities Unveiled
Midnight Blue identified five critical vulnerabilities with varying severity levels:
CVE-2022-24400: Authentication Algorithm Flaw
This vulnerability allows attackers to set the Derived Cypher Key (DCK) to 0, potentially compromising the authentication process.
CVE-2022-24401: Air Interface Encryption (AIE) Weakness
The AIE keystream generator relies on publicly broadcast network time, enabling decryption oracle attacks that could expose text, voice, or data communications without knowledge of the encryption key.
CVE-2022-24402: Intentional Weakness in TEA1 Algorithm
The TEA1 algorithm contains a backdoor that significantly reduces the original key size, facilitating brute-force attacks on consumer hardware within minutes.
CVE-2022-24403: Weakness in Radio Identity Obfuscation
The cryptographic scheme used to hide radio identities displays design weaknesses, allowing attackers to deanonymize and track users.
CVE-2022-24404: Lack of Ciphertext Authentication on AIE
The absence of ciphertext authentication enables malleability attacks on AIE, compromising data integrity.
Potential Consequences and Impacts
The severity of these vulnerabilities depends on how TETRA is utilized by organizations, whether it transmits voice or data, and the cryptographic algorithm in place.
The most critical issues, CVE-2022-24401 and CVE-2022-24402, open the door to potential decryption and manipulation attacks, impacting both passive and active adversaries.
Countering Misuse of Vulnerabilities
Forescout, a cybersecurity company, underlines the importance of organizations implementing proper infrastructure and device configurations to mitigate potential risks posed by TETRA vulnerabilities.
Promptly installing patches and bolstering security measures will be crucial to safeguarding communications and preventing unauthorized access.
Conclusion
The TETRA communication system, widely adopted in government and critical infrastructure sectors, faces a significant challenge with the discovery of critical vulnerabilities in its cryptographic algorithms.
The disclosure of TETRA:BURST vulnerabilities highlights the need for immediate action and vigilant security practices to protect sensitive information and maintain the integrity of essential services.
Organizations utilizing TETRA-based radios should prioritize cybersecurity measures to defend against potential attacks exploiting these newly exposed vulnerabilities.
