Critical Vulnerabilities Found in Radio Encryption System
Cyber Security Threat Summary:
Security experts have discovered numerous vulnerabilities in a widely employed radio communication system, which is extensively used by law enforcement and critical infrastructure for transmitting data. These vulnerabilities could potentially enable remote decryption of cryptographically protected communications. Five vulnerabilities in Terrestrial Trunked Radio, a European radio communication standard have been identified by researchers from the Dutch security firm Midnight Blue. This standard is adopted by major device manufacturers, and is considered the most extensively utilized police radio communication worldwide, excluding the United States.
“The flaws identified by the firm reside in proprietary cryptographic algorithms that, against a widely accepted cryptographic principle holding that obscurity is detrimental to security, are distributed under a strict nondisclosure agreement. Researchers extracted the algorithms by hacking a Motorola radio, Wired reported Monday. Midnight Blue is reserving technical details for a presentation at Black Hat on Aug. 9. It dubbed its findings TETRA:Burst. The firm notified the European Telecommunications Standards Institute, which developed the TETRA standards during the 1990s, of its findings roughly 18 months ago. In November, ETSI released a new suite of encryption algorithms and said end-to-end encryption mitigates a particular weakness flagged by researchers that resides in a TETRA encryption algorithm known as TEA1. The Midnight Blue researchers found a "backdoor" in TEA1 that allows an attacker to reduce an 80-bit encryption key to a smaller size that can be brute-forced. ETSI contested that the TEA1 flaw is a backdoor and said that the algorithm follows standards governing the export of cryptographic systems. It also emphasized that TEA1 is rated for general use rather than police use” (BleepingComputer, 2023).
Security Officer Comments:
Security researchers from Midnight Blue have expressed concern over the discovered flaw, pointing out that private security services responsible for safeguarding critical infrastructure like airports and harbors, might be using radios encrypted with TEA1- an algorithm employed in machine to machine communication for monitoring industrial equipment. This raises the possibility of attackers injecting malicious traffic into important systems. Further, the European Telecommunications Standards Institute stated they are not aware of any active exploitation at this time.
Suggested Correction(s):
Remediating patches are available for some of the TETRA:BURST issues while compensating controls are available for others. A detailed advisory has been distributed to relevant stakeholders through the Dutch National Cyber-Security Centre (NCSC) and will be released publicly once the embargo on the technical details is lifted.
- CVE-2022-24404, CVE-2022-24401 - Apply radio firmware patch
- CVE-2022-24402 - Renew keys frequently
- CVE-2022-24403 - Use E2EE
- CVE-2022-24400 - Migrate to TAA2 (long-term)
Link(s):
https://www.databreachtoday.com/critical-vulnerabilities-found-in-radio-encryption-system-a-22643
https://www.midnightblue.nl/tetraburst