TETRA radio comms used by emergency heroes easily cracked, say experts

Midnight Blue, a security firm based in the Netherlands, has found five vulnerabilities that affect Terrestrial Trunked Radio (TETRA), used in Europe, the United Kingdom, and many other countries by government agencies, law enforcement, and emergency services organizations.

The flaws, dubbed TETRA:BURST, are said to affect all TETRA radio networks. They potentially allow an attacker to decrypt communications in real-time or after the fact, to inject messages, to deanonymize users, or to set the session key to zero for uplink interception.

Two of the flaws are characterized as critical. The first (CVE-2022-24401) is an oracle decryption attack that can be used to reveal text, voice, or data communication. It is made possible by the Air Interface Encryption (AIE) keystream generator’s reliance on network time, which is broadcast publicly and without encryption.

The second (CVE-2022-24402) is an engineering weakness – the TEA1 encryption algorithm, according to the researchers, “has a backdoor that reduces the original 80-bit key to a key size which is trivially brute-forceable on consumer hardware in minutes.”

The Midnight Blue team contends the backdoor follows from deliberate algorithm design decisions.

“The vulnerability in the TEA1 cipher (CVE-2022-24402) is obviously the result of intentional weakening,” the researchers state in their disclosure. “While the cipher itself does not seem to be a terribly weak design, there is a computational step which serves no other purpose than to reduce the key’s effective entropy.”

The security pros explain that the use of secret, proprietary cryptography has been a common theme in previously identified flaws affecting GSM (A5/1, A5/2), GMR (GMR-1), GPRS (GEA-1), DMR (‘Basic’ and ‘Enhanced’ encryption), and P25 (ADP) – used in North America. These issues follow largely from export control practices that insist on weak encryption, they suggest.

“Despite being widely used and relying on secret cryptography, TETRA had never been subjected to in-depth public security research in its 20+ year history as a result of this secrecy,” Midnight Blue explained in its disclosure.

“In order to shed light on this important piece of technology, Midnight Blue was granted funding by the non-profit NLnet foundation as part of its European Commission supported NGI0 PET fund. Midnight Blue managed to reverse-engineer and publicly analyze the TAA1 and TEA algorithms for the first time, and as a result discovered the TETRA:BURST vulnerabilities.”

The European Telecommunications Standards Institute (ETSI), which oversees the TETRA specification, did not immediately respond to a request for comment.

The three less-than-critical vulnerabilities consist of: CVE-2022-24404, a high-severity vulnerability arising from the lack of ciphertext authentication on the AIE, which enables a malleability attack; CVE-2022-24403, a high-severity vulnerability that allows radio identities to be identified and tracked due to weak cryptographic design; and CVE-2022-24400, a low-severity vulnerability that allows confidentiality to be partially compromised through a flawed authentication algorithm that permits the Derived Cipher Key (DCK) to be set to 0.
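The malleability issue behind CVE-2022-24404 is the textbook property of any stream cipher whose ciphertext carries no authentication tag: flipping a ciphertext bit flips the same plaintext bit, and the receiver has no way to notice. The added example below is not Midnight Blue's code or any TETRA algorithm; it uses a generic PRF-in-counter-mode keystream (HMAC-SHA256 from the Python standard library) as a stand-in for the AIE keystream generator, with constructed sample keys, a constructed time-style nonce and a constructed status message. It shows the unauthenticated receiver accepting a modified message, and an encrypt-then-MAC receiver rejecting the same modification, which is the mitigation a defender would want from the air-interface layer.

```python
"""Added example: malleability of an unauthenticated stream cipher, and how an
encrypt-then-MAC tag detects it. The keystream construction, keys, nonce and
message are all constructed for illustration and are not TETRA/TEA1 material."""
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Generic keystream: HMAC-SHA256(key, nonce || counter) blocks, truncated.
    The keystream is fully determined by (key, nonce); if the nonce is a public,
    unauthenticated value such as broadcast network time, every listener knows
    which keystream a frame will be encrypted under."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_unauthenticated(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Plain XOR with the keystream: confidentiality only, no integrity."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt_unauthenticated = encrypt_unauthenticated  # XOR is its own inverse


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt, then tag nonce || ciphertext with a MAC under a separate key."""
    ct = encrypt_unauthenticated(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def decrypt_and_verify(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Return the plaintext, or None if the tag does not match (tampering detected)."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt_unauthenticated(enc_key, nonce, ct)


def flip_field(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Model the malleability: XOR (old ^ new) into the ciphertext at a known offset.
    Knowing the plaintext layout is enough; the key is never needed."""
    out = bytearray(ct)
    for i, (o, n) in enumerate(zip(old, new)):
        out[offset + i] ^= o ^ n
    return bytes(out)


def demo() -> dict:
    enc_key = b"constructed-enc-key-not-real"   # constructed sample key
    mac_key = b"constructed-mac-key-not-real"   # constructed sample key
    nonce = (1690000000).to_bytes(4, "big")     # constructed time-style public nonce
    msg = b"UNIT 12 STATUS OK"                  # constructed sample message
    off = msg.index(b"OK")

    # Unauthenticated: the modified frame decrypts to a different, valid-looking message.
    ct = encrypt_unauthenticated(enc_key, nonce, msg)
    forged = flip_field(ct, off, b"OK", b"NO")
    accepted = decrypt_unauthenticated(enc_key, nonce, forged)

    # Encrypt-then-MAC: the same modification fails verification; a genuine frame passes.
    ct2, tag = encrypt_then_mac(enc_key, mac_key, nonce, msg)
    forged2 = flip_field(ct2, off, b"OK", b"NO")
    verdict = decrypt_and_verify(enc_key, mac_key, nonce, forged2, tag)
    genuine = decrypt_and_verify(enc_key, mac_key, nonce, ct2, tag)

    return {
        "tampered_accepted_plaintext": accepted,   # b"UNIT 12 STATUS NO"
        "authenticated_verdict": verdict,          # None: tampering detected
        "untampered_plaintext": genuine,           # b"UNIT 12 STATUS OK"
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The design point is that a MAC (or an AEAD mode) binds the ciphertext to the nonce and key, so a one-bit change anywhere in the frame is rejected before any plaintext is acted on; this is what the lack of ciphertext authentication on the AIE leaves out.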

Technical details of the flaws are due to be released on August 9, 2023, at the Black Hat security conference in Las Vegas, and at Usenix Security and DEF CON. Midnight Blue said it waited one and a half years to disclose details, rather than the usual six months for hardware and embedded systems, due to the sensitivity of the matter and the complexity of remediation.

The primary concern for law enforcement and military users of TETRA networks, they say, is the possibility that messages will be intercepted or manipulated. That is also a potential problem for critical infrastructure operators, who could see the communication services of private security firms manipulated, or even data traffic injected that would affect the monitoring and control of industrial equipment, such as railway switches or electrical substation circuit breakers.

Patches are available for some of the vulnerabilities.