Researchers have discovered several security vulnerabilities in the Terrestrial Trunked Radio (TETRA) standard. Emergency services such as the Dutch C2000, as well as military communications and critical infrastructure, use this standard. These include a backdoor in the algorithm for encrypting radio traffic. Researchers at security company Midnight Blue recently discovered this.
Through the vulnerabilities, it is possible to decrypt encrypted messages and inject fake messages. These include a cryptographic backdoor in the TEA1 algorithm. "This backdoor breaks through all the security of the algorithm, and enables decryption and manipulation of radio traffic," says Carlo Meijer of Midnight Blue.
Malicious parties can use this backdoor to intercept radio communications from private security services at ports, airports and railroads. They can also inject data traffic used to monitor or control industrial equipment via this route. "This can allow an attacker to perform potentially dangerous actions, such as opening switches in electrical distribution stations or manipulating railroad signaling messages," Meijer said.
The vulnerability, designated CVE-2022-24402, reduces the original 80-bit key to a key length that can be cracked on consumer hardware within minutes. It is then possible to eavesdrop and modify the encrypted traffic. The National Cyber Security Center (NCSC) has since distributed a report to stakeholders. During Black Hat USA 2023 in Las Vegas, the report will be made public.
