Zero-day vulnerabilities discovered in TETRA emergency-services-communications protocol
A radio communications protocol used by emergency services worldwide harbors several critical vulnerabilities that could allow adversaries to spy on or manipulate the transmissions, researchers found.
Terrestrial Trunked Radio (TETRA) is a radio voice and data standard mainly used by emergency services, such as police, fire brigade, and military, as well as in some industrial environments.
Multiple TETRA secure channels offer key management, voice, and data encryption, while the TETRA Encryption Algorithm (TEA1) implements the actual cipher that keeps data confidential as it is sent over the air.
Researchers from Midnight Blue Labs found five vulnerabilities in TETRA — with CVE-2022-24402 and CVE-2022-24401 both rated as critical. Collectively, the zero-day vulnerabilities are known as “TETRA:BURST.” The researchers will present their findings at Black Hat USA next month.
Depending on infrastructure and device configurations, these vulnerabilities allow for real-time or delayed decryption, message injection, user deanonymization, or session key pinning attacks. Practically, these vulnerabilities allow high-end adversaries to listen in on police and military communications, track their movements, or manipulate critical infrastructure network communications carried over TETRA.
Time for TEA?
In a demonstration video of CVE-2022-24401, researchers showed that an attacker would be able to capture the encrypted message by targeting a radio to which the message was being sent. Midnight Blue founding partner Wouter Bokslag says that in none of the circumstances for this vulnerability do you get your hands on a key: “The only thing you’re getting is the key stream, which you can use to decrypt arbitrary frames or arbitrary messages that go over the network.”
A second demonstration video of CVE-2022-24402 reveals a backdoor in the TEA1 algorithm that affects networks relying on TEA1 for confidentiality and integrity. The researchers also found that TEA1 uses an 80-bit key that an attacker could brute-force, then listen in to the communications undetected.
Bokslag admits that using the term backdoor is strong, but it is justified in this instance. “As you feed an 80-bit key to TEA1, that flows through a reduction step which leaves it with only 32 bits of key material, and it will carry on doing the decryption with only those 32 bits,” he says.
Bokslag says this weakening of the cipher would allow an attacker to exhaustively search the 32 bits and decrypt all the traffic with very cheap hardware. This would require only a $10 USB dongle to receive signals and a standard laptop; the attacker would then have access until the key changes, and in many cases the key is never changed, so the access would be permanent.
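To make the reduction step concrete, here is an added toy model (my own illustration, not TEA1 and not Midnight Blue's code): a stream cipher whose key schedule squashes the nominal 80-bit key down to a small number of bits, so any two keys that share the reduced value produce identical ciphertext, and the cost of an exhaustive search is 2^reduced_bits rather than 2^80. The reduction function, the keystream generator and the bit sizes are assumptions for the demo.

```python
import hashlib

NOMINAL_KEY_BITS = 80  # key length the article quotes for TEA1


def reduce_key(key: bytes, reduced_bits: int) -> int:
    """Toy stand-in for a key-reduction step (assumed, not TEA1's real logic):
    squash the 80-bit key into `reduced_bits` bits; only this value is used further."""
    if len(key) * 8 != NOMINAL_KEY_BITS:
        raise ValueError("expected an 80-bit key")
    digest = hashlib.sha256(b"reduce" + key).digest()
    return int.from_bytes(digest, "big") & ((1 << reduced_bits) - 1)


def keystream(reduced_key: int, length: int) -> bytes:
    """Toy keystream generator (SHA-256 in counter mode) keyed only by the reduced key."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(reduced_key.to_bytes(8, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, reduced_bits: int) -> bytes:
    """XOR stream cipher; decryption is the same call with the same key."""
    ks = keystream(reduce_key(key, reduced_bits), len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def find_colliding_keys(reduced_bits: int) -> tuple:
    """Birthday search for two distinct 80-bit keys that reduce to the same value.
    Expected cost is about 2^(reduced_bits/2) hashes, so keep reduced_bits small here."""
    seen = {}
    i = 0
    while True:
        key = i.to_bytes(10, "big")  # deterministic 80-bit candidate keys (constructed)
        r = reduce_key(key, reduced_bits)
        if r in seen:
            return seen[r], key
        seen[r] = key
        i += 1


def exhaustive_search_seconds(reduced_bits: int, keys_per_second: float) -> float:
    """Worst-case time to try every reduced key at the given trial rate."""
    return (1 << reduced_bits) / keys_per_second


if __name__ == "__main__":
    k1, k2 = find_colliding_keys(20)
    msg = b"constructed sample radio frame"
    print(k1 != k2 and encrypt(k1, msg, 20) == encrypt(k2, msg, 20))  # True
    print(exhaustive_search_seconds(32, 1e6) / 3600, "hours at 1M keys/s")
    print(exhaustive_search_seconds(80, 1e6) / 3.15e7, "years at 1M keys/s")
```

The two printed search times show why the reduction matters: 2^32 trials is hours on commodity hardware, while 2^80 is far beyond any practical budget.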
To read the complete article, visit Dark Reading.