Friday , November 22 2024

“TETRA: BURST” Global police, airport radio system and energy vulnerable to hackers

Researchers have discovered that TETRA, a radio technology used by critical infrastructure authorities, port administrations, and police forces, has many serious bugs. These bugs can be exploited by attackers to gain control of the communications.

TETRA, the trunked radio system utilized by law enforcement, the military, critical infrastructure, and industrial companies, has at least five bugs. These bugs make the system vulnerable to different attacks.

“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

Renowned cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database having over 1.1 million records linked to Conduitor Limited (Forces Penpals)....
Read More
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE

Trend Micro released a security update for Deep Security 20 Agent Manual Scan Command Injection RCE Vulnerability (CVE-2024-51503) that resolves...
Read More
CVE-2024-51503  Trend Micro released updates for Deep Security Agent RCE

Apple Releases Patch for two Actively Exploited Zero-Day

Apple released critical updates for its various products including for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day...
Read More
Apple Releases Patch for two Actively Exploited Zero-Day

Maxar Space Data Leak, Company admit, Investigation ongoing!

Maxar Space Systems has verified a major data breach that exposed particular information of current and former workers. The breach...
Read More
Maxar Space Data Leak, Company admit, Investigation ongoing!

GitHub CLI Vulnerability Could Allow RCE

A security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) could allow remote code execution on users' devices. With...
Read More
GitHub CLI Vulnerability Could Allow RCE

“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data

“Sarcoma” ransomware group attacked a well known Bangladeshi insurance company named "Popular life insurance company ltd". The threat actor keeps...
Read More
“Sarcoma” ransomware group  Hacker to disclose “Popular Life Insurance” 36 GB of stolen data

BugHunt 2024: A Milestone Cyber security Competition held at Dhaka

Bug Hunt 2024, one of the largest cyber security competitions and conferences in Bangladesh, was successfully held at the ICT...
Read More
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka

TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely

A serious security flaw has been found in some TP-Link routers, potentially enabling hackers to remotely access the affected devices.The...
Read More
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely

WSJ reports
T-Mobile hacked in massive breach of telecom networks

The Wall Street Journal reported on Friday citing people familiar with the matter that T-Mobile’s network was among the systems...
Read More
WSJ reports  T-Mobile hacked in massive breach of telecom networks

Palo Alto Networks Confirms critical RCE zero-day actively exploited

"Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall...
Read More
Palo Alto Networks Confirms critical RCE zero-day actively exploited

The use of trunked radio systems enables computer-managed communication, ensuring a constant availability of open channels. The system is preferred by organizations that value speed, operate remotely, or need uninterrupted communication, because it has a longer range and requires fewer base stations.

TETRA, a system that has been in use since 1995, has never undergone comprehensive security research, as stated by cyber security firm Midnight Blue. The analysis conducted by Midnight Blue, named TETRA:BURST, has uncovered a multitude of methods that attackers could potentially utilize to exploit the system.

TETRA is used worldwide to control critical infrastructure, including high-voltage distribution boxes, oil and gas pipelines, and railway safety devices. TETRA is widely utilized for infrastructure purposes in several countries, including Germany, France, and Spain, among others. Those countries may now be at risk of sabotage.

“The results of research are serious,” says Bart Jacobs, professor of computer security at Radboud University Nijmegen. “It is serious for the government, but also for the business community. It concerns vital infrastructure whose functioning can be affected by serious attacks.”

Two of them, tracked as CVE-2022-24401 and CVE-2022-24402, are considered critical. The second bug allows attackers to brute force hardware within minutes.

Two of the remaining three, CVE-2022-24404 and CVE-2022-24403, are of high severity, with the last one, CVE-2022-24400, having a severity level.

Police C2000 network

The second major vulnerability in TETRA can be used to crack our emergency services’ C2000 network. It uses a different kind of TETRA technology, but it can still be tapped by attackers, such as criminal organizations and malicious foreign governments, the researchers warn.

The investigation, called TETRA:BURST, has lasted more than a year. Recently, the researchers have been busy informing affected organizations of the vulnerabilities. That is not easy: many companies in the critical infrastructure do not respond to their e-mails, the researchers say, and are therefore still at risk.

 

Source: nltimes, cybernews, hackernews

Check Also

paloalto

Palo Alto Networks Confirms critical RCE zero-day actively exploited

“Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against …

Leave a Reply

Your email address will not be published. Required fields are marked *