![[-]](https://www.aiowares.com/images/collapse.png "[-]")
07-25-2023, 08:58 PM
Global police and airport radio system open for spying
TETRA, a radio technology used by critical infrastructure authorities, port administrations, and police forces, was found to be littered with critical bugs, allowing attackers to take over communications, researchers say.
The trunked radio system TETRA, used by law enforcement, the military, critical infrastructure, and industrial companies, is affected by at least five bugs, exposing the system to various attacks.
Trunked radio systems allow computer-managed communications, constantly finding open channels. The system has a longer range and needs fewer base stations, making it the top choice for organizations that value speed, operate remotely, or need uninterrupted comms.
According to cybersecurity firm Midnight Blue, TETRA has never been subject to in-depth security research, even though the system has been used since 1995. Midnight Blue’s analysis, dubbed TETRA:BURST, revealed various ways that attackers could exploit the system.
“Depending on infrastructure and device configurations, these vulnerabilities allow for real-time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning,” researchers said.
Two out of the five bugs which researchers found, tracked as CVE-2022-24401 and CVE-2022-24402, were deemed “critical,” with the second one allowing attackers to brute force hardware in mere minutes.
Two of the remaining three, CVE-2022-24404 and CVE-2022-24403, are of high severity, with the last one, CVE-2022-24400, having a severity level described as low.
“The issues of most immediate concern, especially to law enforcement and military users, are the decryption oracle and malleability attacks, which allow for interception and malicious message injection against all non-E2EE protected traffic regardless of which TEA cipher is used,” researchers said.
The exploits also allow attackers to break TETRA’s cipher, which could lead to unauthorized interception or manipulation of radio traffic. Not only could threat actors leverage the flaws to intercept radio communications of private security services at harbors, airports, and railways, but they could also inject data traffic used for monitoring and control of industrial equipment.
“Decrypting this traffic and injecting malicious traffic allows an attacker to potentially perform dangerous actions such as opening circuit breakers in electrical substations or manipulate railway signaling messages,” researchers said.
The report’s authors claim that the issues can be mitigated by a combination of available patches and compensating controls, all of which are detailed in the report.
TETRA, a radio technology used by critical infrastructure authorities, port administrations, and police forces, was found to be littered with critical bugs, allowing attackers to take over communications, researchers say.
The trunked radio system TETRA, used by law enforcement, the military, critical infrastructure, and industrial companies, is affected by at least five bugs, exposing the system to various attacks.
Trunked radio systems allow computer-managed communications, constantly finding open channels. The system has a longer range and needs fewer base stations, making it the top choice for organizations that value speed, operate remotely, or need uninterrupted comms.
According to cybersecurity firm Midnight Blue, TETRA has never been subject to in-depth security research, even though the system has been used since 1995. Midnight Blue’s analysis, dubbed TETRA:BURST, revealed various ways that attackers could exploit the system.
“Depending on infrastructure and device configurations, these vulnerabilities allow for real-time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning,” researchers said.
Two out of the five bugs which researchers found, tracked as CVE-2022-24401 and CVE-2022-24402, were deemed “critical,” with the second one allowing attackers to brute force hardware in mere minutes.
Two of the remaining three, CVE-2022-24404 and CVE-2022-24403, are of high severity, with the last one, CVE-2022-24400, having a severity level described as low.
“The issues of most immediate concern, especially to law enforcement and military users, are the decryption oracle and malleability attacks, which allow for interception and malicious message injection against all non-E2EE protected traffic regardless of which TEA cipher is used,” researchers said.
The exploits also allow attackers to break TETRA’s cipher, which could lead to unauthorized interception or manipulation of radio traffic. Not only could threat actors leverage the flaws to intercept radio communications of private security services at harbors, airports, and railways, but they could also inject data traffic used for monitoring and control of industrial equipment.
“Decrypting this traffic and injecting malicious traffic allows an attacker to potentially perform dangerous actions such as opening circuit breakers in electrical substations or manipulate railway signaling messages,” researchers said.
The report’s authors claim that the issues can be mitigated by a combination of available patches and compensating controls, all of which are detailed in the report.
