Security researchers from Midnight Blue, a Netherlands-based security firm, have discovered five vulnerabilities in the cryptography of the Terrestrial Trunked Radio (TETRA) standard, the radio technology used extensively by government agencies, law enforcement, military and emergency services organizations across Europe, the United Kingdom and many other countries, as well as by critical infrastructure operators.
The TETRA:BURST Vulnerabilities
The vulnerabilities, collectively referred to as TETRA:BURST, affect all TETRA networks, although not every flaw applies to every deployment (the TEA1 weakness below concerns only networks that use that cipher). Depending on the flaw, an attacker could decrypt communications in real time or after the fact, inject or alter messages, deanonymize and track users, or force the session key to zero and intercept uplink traffic.
Critical Vulnerabilities: Decryption and Backdoor Access
Two of these vulnerabilities are considered critical. The first, identified as CVE-2022-24401, is a decryption oracle attack that can expose text, voice, or data communication. It is possible because the Air Interface Encryption (AIE) keystream generator derives its keystream from the network time, which is broadcast in the clear and without authentication: a rogue base station can therefore make a radio encrypt under a time of the attacker's choosing, recover the keystream for that time from the predictable content of the resulting messages, and use it to decrypt traffic recorded at that time. The second critical vulnerability, CVE-2022-24402, is a weakness in the TEA1 encryption algorithm. According to the researchers, the algorithm contains a backdoor that reduces the effective key size from the original 80 bits to 32 bits, a space that can be brute-forced on consumer hardware in minutes.
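The keystream-reuse mechanism behind CVE-2022-24401 is easiest to see in code. The following is an added example, not code from the page or from Midnight Blue: the keystream generator is a constructed HMAC-based stand-in that shares only the property the text describes (keystream depends on the session key and the network time, nothing else), and the radio, the rogue base station and the messages are all assumed for illustration. The authenticated-time variant at the end is likewise an illustration of the principle, not the vendors' actual fix.

```python
import hmac
import hashlib
from typing import Optional

KEY_LEN = 10  # 80-bit session key, as in TETRA


def keystream(session_key: bytes, network_time: int, length: int) -> bytes:
    """Toy AIE-style keystream generator (constructed; NOT the TETRA algorithm).

    As in the vulnerable design described above, the keystream is a function of
    the session key and the network time only; there is no per-message nonce,
    so two messages encrypted at the same time value share the keystream.
    """
    out = b""
    counter = 0
    while len(out) < length:
        msg = network_time.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hmac.new(session_key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sign_time(time_auth_key: bytes, t: int) -> bytes:
    """Tag a time broadcast so radios can tell the real network from a rogue one."""
    return hmac.new(time_auth_key, t.to_bytes(4, "big"), hashlib.sha256).digest()


class Radio:
    """Victim radio. Without time_auth_key it trusts any time broadcast it hears."""

    def __init__(self, session_key: bytes, time_auth_key: Optional[bytes] = None):
        self._session_key = session_key      # never visible to the attacker
        self._time_auth_key = time_auth_key
        self.network_time = 0

    def hear_time_broadcast(self, t: int, tag: Optional[bytes] = None) -> bool:
        if self._time_auth_key is not None:
            if tag is None or not hmac.compare_digest(sign_time(self._time_auth_key, t), tag):
                return False                 # hardened radio ignores unauthenticated time
        self.network_time = t                # vulnerable radio accepts anything
        return True

    def send(self, plaintext: bytes) -> bytes:
        return xor(plaintext, keystream(self._session_key, self.network_time, len(plaintext)))


def decryption_oracle_attack(radio: Radio, recorded_time: int, recorded_ct: bytes,
                             predictable_pt: bytes) -> Optional[bytes]:
    """Attacker acting as a rogue base station; knows no key material at all."""
    if len(predictable_pt) < len(recorded_ct):
        raise ValueError("need at least as much predictable plaintext as recorded ciphertext")
    # 1. Announce the time at which the target traffic was recorded.
    if not radio.hear_time_broadcast(recorded_time):
        return None                          # radio refused the unauthenticated time
    # 2. Provoke a message whose plaintext is predictable (fixed-format signalling).
    c_known = radio.send(predictable_pt)
    # 3. keystream(recorded_time) = known ciphertext XOR known plaintext.
    ks = xor(c_known, predictable_pt)
    # 4. The same keystream was used for the recorded traffic, so it falls out.
    return xor(recorded_ct, ks)


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899")     # constructed session key
    radio = Radio(key)
    radio.hear_time_broadcast(1700000000)
    secret = b"UNIT 7: PROCEED TO SUBSTATION 3"     # constructed message
    recorded = radio.send(secret)                   # captured off the air
    filler = b"REGISTRATION REQUEST ISSI 0000001 " * 2
    print(decryption_oracle_attack(radio, 1700000000, recorded, filler))
```

The attack never touches the 80-bit session key; it only needs the time value to be attacker-controllable and some predictable plaintext, which is why the researchers describe it as an oracle rather than a cipher break.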
The Intentional Weakening of TEA1 Cipher
The researchers argue that the backdoor is a result of deliberate algorithm design decisions. They state, “The vulnerability in the TEA1 cipher (CVE-2022-24402) is obviously the result of intentional weakening. While the cipher itself does not seem to be a terribly weak design, there is a computational step which serves no other purpose than to reduce the key’s effective entropy.”
Additional Vulnerabilities and Risks
The remaining three vulnerabilities, while not rated critical, still pose significant risks. CVE-2022-24404 is a high-severity flaw: the AIE provides no ciphertext authentication, so an attacker can alter encrypted messages in transit (a malleability attack). CVE-2022-24403 is a high-severity flaw in the cryptographic design of the radio identity encryption scheme that allows radios to be identified and tracked. CVE-2022-24400 is a low-severity flaw in the authentication algorithm that permits the Derived Cipher Key (DCK) to be set to 0, compromising the confidentiality of uplink traffic.
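Two of these flaws can be shown directly against a stream cipher with no ciphertext authentication. The block below is an added example, not the page's or Midnight Blue's code: the keystream generator is again a constructed HMAC stand-in rather than any TETRA algorithm, the control message and its field layout are invented for illustration, and the encrypt-then-MAC functions show the general remedy for malleability, not the vendors' specific patch. It covers the malleability attack (CVE-2022-24404) and the consequence of a zero DCK (CVE-2022-24400).

```python
import hmac
import hashlib

KEY_LEN = 10  # 80-bit key, as in TETRA


def keystream(key: bytes, network_time: int, length: int) -> bytes:
    """Toy AIE-style keystream (constructed; NOT the TETRA algorithm)."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = network_time.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def aie_encrypt(key: bytes, t: int, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, t, len(plaintext)))


aie_decrypt = aie_encrypt  # stream cipher: decryption is the same XOR


def forge(ciphertext: bytes, offset: int, known: bytes, replacement: bytes) -> bytes:
    """Malleability: rewrite a field of an unauthenticated stream-cipher message.

    The attacker needs no key, only the message layout and the current value of
    the field. XORing (known ^ replacement) into the ciphertext makes the
    receiver decrypt `replacement` in that position.
    """
    if len(known) != len(replacement):
        raise ValueError("replacement must be the same length as the known field")
    if offset + len(known) > len(ciphertext):
        raise ValueError("field lies outside the ciphertext")
    delta = xor(known, replacement)
    end = offset + len(delta)
    return ciphertext[:offset] + xor(ciphertext[offset:end], delta) + ciphertext[end:]


def zero_dck_decrypt(t: int, ciphertext: bytes) -> bytes:
    """If the authentication flaw forces DCK = 0, the key is public knowledge."""
    return aie_decrypt(bytes(KEY_LEN), t, ciphertext)


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, t: int, plaintext: bytes):
    """Hardened form: tag the ciphertext so any bit flip is detected."""
    ct = aie_encrypt(enc_key, t, plaintext)
    tag = hmac.new(mac_key, t.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    return ct, tag


def verify_then_decrypt(enc_key: bytes, mac_key: bytes, t: int, ct: bytes, tag: bytes) -> bytes:
    expected = hmac.new(mac_key, t.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext authentication failed; message rejected")
    return aie_decrypt(enc_key, t, ct)


if __name__ == "__main__":
    key = bytes.fromhex("0f1e2d3c4b5a69788796")          # constructed session key
    t = 5000
    command = b"RELAY 07 CMD=CLOSE"                       # constructed SCADA-style message
    ct = aie_encrypt(key, t, command)
    tampered = forge(ct, offset=13, known=b"CLOSE", replacement=b"OPEN ")
    print(aie_decrypt(key, t, tampered))                  # receiver sees the forged command
```

The forged message decrypts cleanly at the receiver because nothing binds the ciphertext to its sender; an attacker who knows only that byte 13 onward holds the command verb can flip it. With the encrypt-then-MAC variant the same forgery is rejected before decryption. With a zero DCK, confidentiality is gone outright: anyone can run the keystream generator with the all-zero key.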
Upcoming Disclosure of Technical Details
The researchers plan to release the technical details of these flaws on August 9, 2023, at the Black Hat security conference in Las Vegas, with further presentations at Usenix Security and DEF CON. They waited a year and a half before disclosing, longer than the six months that is usual for hardware and embedded systems, because of the sensitivity of the matter and the complexity of remediation.
Potential Impact on Law Enforcement and Critical Infrastructure
The primary concern for law enforcement and military users of TETRA networks is that messages could be intercepted or manipulated. Critical infrastructure operators face the same problem: the communications of the private security firms guarding their sites could be manipulated, and injected data traffic could affect the monitoring and control of industrial equipment such as railway switches or electrical substation circuit breakers.
Call to Action: Check for Patches and Mitigations
Patches are available for some of the vulnerabilities, but it is unclear which manufacturers have made them available to customers. The researchers urge anyone using radio technologies to check with their manufacturer to determine whether their devices use TETRA and what fixes or mitigations are available. They also caution that the replacement algorithm for TEA1 may itself be weakened, so migrating away from TEA1 is not on its own a guarantee of strong encryption.