Dutch researchers revealed 5 vulnerabilities in the Terrestrial Trunked Radio (TETRA) that could expose government organizations and critical infrastructure communication to third parties.
Two of the collectively called TETRA:BURST flaws, CVE-2022-22401 and CVE-2022-22402, were rated critical.
TETRA is used for communication by police, fire and ambulance services, transportation agencies, utilities, military and border control organizations, UN, and NATO in over 100 countries worldwide. The TETRA:BURST vulnerabilities could enable threat actors to get access to and exfiltrate sensitive data and even alter law enforcement and military radio communication. Most of them impact all TETRA networks.
Depending on infrastructure and device configurations, these vulnerabilities allow for real time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning
Although there it is possible that the five CVEs have been also discovered by malicious actors, researchers claim there is yet no evidence of them being exploited in the wild.
The Five TETRA:BURST Vulnerabilities Described
The security researchers used reverse engineering techniques to discover the TETRA:BURST vulnerabilities. Rated from high to critical, the bugs allow ”practical interception and manipulation attacks by both passive and active adversaries”. (Source)
Threat actors can use them as follows:
- CVE-2022-24401 allows decryption oracle attacks. Hackers could exploit it to compromise the confidentiality and authenticity of data. The flaw was rated critical.
- CVE-2022-24402 is a backdoor in the TEA1 encryption algorithm. It permits brute-forcing on keys and leads to a loss of confidentiality and authenticity. This flaw was also rated critical.
- CVE-2022-24404 was scored high and is an authentication vulnerability on AIE that enables malleability attacks, leading to a loss of authentication.
- CVE-2022-24403 exposes users` identities, as it fails to obfuscate radio identities. Its CVSS is high.
- CVE-2022-24400 is a flaw in the authentication algorithm and is rated as low risk. It can result in a loss of authenticity and a partial loss of data integrity.
Risk Mitigation and Further Advice
For the moment, patches are available only for CVE-2022-24401 and CVE-2022-24404 and should, of course, be applied.
Security specialists recommend using end-to-end encryption to mitigate CVE-2022-24402 and CVE-2022-24403 risks.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.