Thursday , June 5 2025

“TETRA: BURST” Global police, airport radio system and energy vulnerable to hackers

Researchers have discovered that TETRA, a radio technology used by critical infrastructure authorities, port administrations, and police forces, has many serious bugs. These bugs can be exploited by attackers to gain control of the communications.

TETRA, the trunked radio system utilized by law enforcement, the military, critical infrastructure, and industrial companies, has at least five bugs. These bugs make the system vulnerable to different attacks.

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...
Read More
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...
Read More
ALERT  Thousands of IP addresses compromised nationwide: CIRT warn

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...
Read More
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Critical RCE Flaw Patched in Roundcube Webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
Critical RCE Flaw Patched in Roundcube Webmail

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
Hacker claim Leak of Deloitte Source Code & GitHub Credentials

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
CISA Issued Guidance for SIEM and SOAR Implementation

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?

The use of trunked radio systems enables computer-managed communication, ensuring a constant availability of open channels. The system is preferred by organizations that value speed, operate remotely, or need uninterrupted communication, because it has a longer range and requires fewer base stations.

TETRA, a system that has been in use since 1995, has never undergone comprehensive security research, as stated by cyber security firm Midnight Blue. The analysis conducted by Midnight Blue, named TETRA:BURST, has uncovered a multitude of methods that attackers could potentially utilize to exploit the system.

TETRA is used worldwide to control critical infrastructure, including high-voltage distribution boxes, oil and gas pipelines, and railway safety devices. TETRA is widely utilized for infrastructure purposes in several countries, including Germany, France, and Spain, among others. Those countries may now be at risk of sabotage.

“The results of research are serious,” says Bart Jacobs, professor of computer security at Radboud University Nijmegen. “It is serious for the government, but also for the business community. It concerns vital infrastructure whose functioning can be affected by serious attacks.”

Two of them, tracked as CVE-2022-24401 and CVE-2022-24402, are considered critical. The second bug allows attackers to brute force hardware within minutes.

Two of the remaining three, CVE-2022-24404 and CVE-2022-24403, are of high severity, with the last one, CVE-2022-24400, having a severity level.

Police C2000 network

The second major vulnerability in TETRA can be used to crack our emergency services’ C2000 network. It uses a different kind of TETRA technology, but it can still be tapped by attackers, such as criminal organizations and malicious foreign governments, the researchers warn.

The investigation, called TETRA:BURST, has lasted more than a year. Recently, the researchers have been busy informing affected organizations of the vulnerabilities. That is not easy: many companies in the critical infrastructure do not respond to their e-mails, the researchers say, and are therefore still at risk.

 

Source: nltimes, cybernews, hackernews

Check Also

Australia

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations …

Leave a Reply

Your email address will not be published. Required fields are marked *