Radios worldwide rely on the TETRA (Terrestrial Trunked Radio) standard, but multiple vulnerabilities and flaws have been uncovered in it, impacting its usage in Europe, the UK, and other nations and affecting the following entities:
- Government agencies
- Law enforcement
- Emergency services organizations
- Defense organizations
All these vulnerabilities were identified in the cryptography and its implementation, and they enable traffic decryption.
Cybersecurity researchers at Midnight Blue, a Netherlands-based cybersecurity firm, recently discovered these vulnerabilities.
Flaws in Encrypted Police & Military Radios
Cybersecurity researchers dubbed the vulnerabilities “TETRA:BURST.” They impact all TETRA radio networks, enabling:
- Real-time decryption
- Message injection
- User deanonymization
- Uplink interception
Moreover, these security flaws existed for decades and were exploited by threat actors to access sensitive information transmitted through the affected channels.
The discovery made by the security analysts was termed a “backdoor,” but the responsible organization argues it’s for export controls. However, using standard consumer hardware like a laptop, the radios’ traffic can be decrypted within a minute.
TETRA went without public analysis for over 20 years, and not all users employ the vulnerable TEA1 encryption.
Multiple flaws enable historical decryption and deanonymization, impacting users like national police, emergency services, military, and critical infrastructure providers globally.
In August, Midnight Blue will unveil their findings at the Black Hat conference after a long and discreet disclosure process financed by NLnet Foundation.
ETSI introduced TETRA in 1995, and it was adopted by Motorola and Airbus. It uses “secret, proprietary cryptography,” making it challenging to verify its security.
The researchers bought a TETRA-powered radio from eBay, discovered vulnerabilities in it, and extracted the cryptographic ciphers. This led to TETRA:BURST and to the “secret reduction step” in TEA1, which enables traffic decryption with cheap hardware.
TETRA’s long lifespan leaves room for potential exploitation by anyone aware of the TEA1 vulnerability, though not all customers use it now.