TETRA radio comms used by emergency heroes easily cracked, say experts
2023-07-24 23:20

Midnight Blue, a security firm based in the Netherlands, has found five vulnerabilities that affect Terrestrial Trunked Radio, used in Europe, the United Kingdom, and many other countries by government agencies, law enforcement, and emergency services organizations.

"The vulnerability in the TEA1 cipher is obviously the result of intentional weakening," the researchers state in their disclosure.

The security pros explain that the use of secret, proprietary cryptography has been a common theme in previously identified flaws affecting GSM, GMR, GPRS, DMR, and P25 (used in North America).

"Despite being widely used and relying on secret cryptography, TETRA had never been subjected to in-depth public security research in its 20+ year history as a result of this secrecy," Midnight Blue explained in its disclosure.

"In order to shed light on this important piece of technology, Midnight Blue was granted funding by the non-profit NLnet foundation as part of its European Commission supported NGI0 PET fund. Midnight Blue managed to reverse-engineer and publicly analyze the TAA1 and TEA algorithms for the first time, and as a result discovered the TETRA:BURST vulnerabilities."

The three less-than-critical vulnerabilities consist of: CVE-2022-24404, a high-severity vulnerability arising from lack of ciphertext authentication on the AIE that enables a malleability attack; CVE-2022-24403, a high-severity vulnerability that allows radio identities to be identified and tracked due to weak cryptographic design; and CVE-2022-24400, a low-severity vulnerability that allows confidentiality to be partially compromised through a flawed authentication algorithm that permits the setting of the Derived Cypher Key to 0.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/07/24/tetra_hardware_backdoor_opened_by/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2023-12-05 | CVE-2022-24403 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Midnightblue Tetra:Burst | The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). | low complexity; midnightblue; CWE-327 | 4.3 |
| 2023-10-19 | CVE-2022-24404 | Improper Validation of Integrity Check Value vulnerability in Midnightblue Tetra:Burst | Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. | network; low complexity; midnightblue; CWE-354 | 7.5 |
| 2023-10-19 | CVE-2022-24400 | Authorization Bypass Through User-Controlled Key vulnerability in Midnightblue Tetra:Burst | A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. | high complexity; midnightblue; CWE-639 | 5.9 |