The Vulnerability Battlefield: Uncovering Zero-Day Weaknesses in Global Emergency Communications

Emergency Services Radio Communications Protocol Found to Have Critical Vulnerabilities

Introduction

A radio communications protocol widely used by emergency services and in some industrial environments has been found to harbor critical vulnerabilities that could enable adversaries to spy on or manipulate transmissions. Terrestrial Trunked Radio (TETRA), which provides voice and data communication, is predominantly used by entities like police, fire brigades, and the military. Researchers from Midnight Blue Labs have uncovered five vulnerabilities in TETRA, with two vulnerabilities, CVE-2022-24402 and CVE-2022-24401, rated as critical. The vulnerabilities collectively referred to as “TETRA:BURST” will be presented at the upcoming Black Hat USA conference. These vulnerabilities could have severe repercussions as they allow high-end adversaries to listen in on critical communications, track movements of emergency personnel, and potentially manipulate infrastructure networks reliant on TETRA.

Understanding the Vulnerabilities

The researchers’ findings highlight the vulnerabilities present in TETRA, including real-time or delayed decryption, message injection, user deanonymization, and session key pinning attacks. Exploiting these vulnerabilities, skilled attackers can eavesdrop on police and military communications, compromise sensitive information, and potentially disrupt critical infrastructure networks. One of the demonstrated vulnerabilities, CVE-2022-24401, allows an attacker to capture encrypted messages by targeting the recipient radio. While the attacker does not gain access to the encryption key, they obtain the keystream, which can be used to decrypt arbitrary frames or messages encrypted under that same keystream. Another vulnerability, CVE-2022-24402, reveals a backdoor in the TETRA Encryption Algorithm (TEA1) that enables an attacker to brute-force the 80-bit key used in TEA1. This backdoor weakens the cipher so that an attacker using inexpensive hardware can decrypt traffic until the key changes; where the key is never changed, the attacker retains permanent access to communications.
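The keystream-recovery point above is the classic stream-cipher failure mode: ciphertext XOR known plaintext yields the keystream, and any other frame encrypted under the same keystream falls with it, no key required. The following is an added illustration written for this page, not code from Midnight Blue Labs or from the TETRA standard; TEA1 itself is proprietary and is not reproduced here, so a hash-based toy keystream stands in for it, and the frame contents, nonce handling and function names are all constructed for the example. The last function is the kind of check a network operator could run over captured frame metadata to flag keystream reuse.

```python
import hashlib
from collections import defaultdict


def toy_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream-cipher keystream: SHA-256(key || nonce || counter), chained.

    This is a stand-in for illustration only, NOT TEA1/TEA2/TEA3. The property
    demonstrated (keystream = ciphertext XOR plaintext) holds for any stream
    cipher, which is why the model is sufficient here.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_frame(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt one radio frame under (key, nonce). Decryption is the same XOR."""
    return xor_bytes(plaintext, toy_keystream(key, nonce, len(plaintext)))


def recover_keystream(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    """Given a frame whose plaintext is known (status beacons, padding, etc.),
    the keystream falls out directly; the key itself is never learned."""
    return xor_bytes(known_plaintext, ciphertext)


def decrypt_with_keystream(keystream: bytes, ciphertext: bytes) -> bytes:
    return xor_bytes(ciphertext, keystream)


def keystream_reuse_demo(key: bytes, nonce_known: bytes, nonce_secret: bytes) -> bytes:
    """Encrypt a known frame and a secret frame, recover the keystream from the
    known one, and apply it to the secret one. Returns whatever that yields:
    the secret plaintext if the nonce (and so the keystream) was reused,
    unreadable bytes if each frame had its own nonce."""
    known = b"STATUS: UNIT 07 ON PATROL".ljust(32)        # constructed sample frame
    secret = b"DISPATCH: UNIT 07 TO SECTOR 4".ljust(32)   # constructed sample frame
    c_known = encrypt_frame(key, nonce_known, known)
    c_secret = encrypt_frame(key, nonce_secret, secret)
    ks = recover_keystream(known, c_known)
    return decrypt_with_keystream(ks, c_secret)


def find_keystream_reuse(frames):
    """Operator-side check over captured frame metadata.

    frames: iterable of (frame_id, key_id, nonce). Any (key_id, nonce) pair
    seen on more than one frame means those frames share a keystream and are
    exposed to exactly the attack demonstrated above. Returns a dict mapping
    each reused (key_id, nonce) pair to the list of frame ids that share it.
    """
    seen = defaultdict(list)
    for frame_id, key_id, nonce in frames:
        seen[(key_id, nonce)].append(frame_id)
    return {pair: ids for pair, ids in seen.items() if len(ids) > 1}


if __name__ == "__main__":
    key = bytes(10)  # 80-bit key, the TEA1 key length the article mentions (constructed value)
    print("reused nonce  :", keystream_reuse_demo(key, bytes(8), bytes(8)))
    print("fresh nonces  :", keystream_reuse_demo(key, bytes(8), b"\x01" * 8))
    print("reuse report  :", find_keystream_reuse([
        ("f1", "k1", bytes(8)), ("f2", "k1", bytes(8)), ("f3", "k1", b"\x01" * 8),
    ]))
```

The takeaway for defenders is in the second and third calls: the recovered keystream is worthless against a frame encrypted under a fresh nonce, and a metadata-only scan is enough to spot where that guarantee has been lost, without ever handling the key.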

Motivation for Research

The researchers’ motivation for investigating TETRA’s security vulnerabilities stems from their goal of uncovering flaws in proprietary cryptographic systems and promoting the use of open cryptography. By subjecting TETRA to thorough review and risk analysis, they aim to level the playing field for all stakeholders and ensure identified issues are resolved. TETRA was first published by the European Telecommunications Standards Institute (ETSI) in 1995 and has since become one of the most widely used professional mobile radio standards, especially in law enforcement. However, its security relies on secret, proprietary cryptographic algorithms, which are shared under strict nondisclosure agreements with a limited set of parties. The researchers’ findings also align with information leaked by Edward Snowden in 2013 describing the interception of TETRA communications.

Mitigating the Vulnerabilities

While some of the vulnerabilities discovered by the researchers can be addressed through firmware updates, others are inherent to the TETRA standard and cannot be fixed that way. One such vulnerability, CVE-2022-24402, falls into the latter category: resolving it would require a costly and labor-intensive rollout of end-to-end encryption. These vulnerabilities affect users in over 100 countries, spanning law enforcement, military, intelligence services, and other sectors. The researchers have been collaborating with manufacturers and network operators to assist in resolving these issues. Manufacturers have already developed patches in response to the research, and Midnight Blue Labs recommends migrating from TEA1 to another TEA cipher as an interim measure.

Conclusion

The discovery of critical vulnerabilities in TETRA raises concerns about the security of emergency services and critical infrastructure communications. The exposed weaknesses in this widely used protocol have far-reaching implications and necessitate immediate attention from manufacturers, network operators, and relevant authorities. Moving forward, the prioritization of rigorous security assessments in critical communication systems is imperative. As technology continues to advance, it is crucial to apply open cryptography principles and ensure an inclusive and transparent approach to secure communications. By addressing these vulnerabilities promptly and implementing robust security measures, emergency services can safeguard their communications and protect against potential threats to public safety.
