TETRA:BURST — 5 New Vulnerabilities Exposed in Widely Used Radio Communication System
A set of five security vulnerabilities has been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication, which is widely used by government entities and critical infrastructure sectors. The set includes what is believed to be an intentional backdoor that could have exposed sensitive information.
"Depending on infrastructure and device configurations, these vulnerabilities allow for real time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning," the Netherlands-based cybersecurity company said.
Standardized by the European Telecommunications Standards Institute in 1995, TETRA is used in more than 100 countries and as a police radio communication system outside the U.S. It's also employed to control essential systems like power grids, gas pipelines, and railways.
The system is underpinned by a collection of secret, proprietary cryptographic algorithms - the TETRA Authentication Algorithm suite for authentication and key distribution purposes and the TETRA Encryption Algorithm suite for Air Interface Encryption - which have been guarded as trade secrets under strict non-disclosure agreements.
"The impact of the issues above is highly dependent on how TETRA is used by organizations, such as whether it transmits voice or data and which cryptographic algorithm is in place," cybersecurity company Forescout said.
CVE-2022-24402, the second critical flaw uncovered in TETRA's TEA1 algorithm, permits attackers to inject data traffic that is used for monitoring and control of industrial equipment, the San Jose firm pointed out.
News URL
https://thehackernews.com/2023/07/tetraburst-5-new-vulnerabilities.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-19 | CVE-2022-24402 | Improper Restriction of Excessive Authentication Attempts vulnerability in Midnightblue Tetra:Burst. The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks. | 7.5 |