Thursday , November 14 2024

“TETRA: BURST” Global police, airport radio system and energy vulnerable to hackers

Researchers have discovered that TETRA, a radio technology used by critical infrastructure authorities, port administrations, and police forces, has many serious bugs. These bugs can be exploited by attackers to gain control of the communications.

TETRA, the trunked radio system utilized by law enforcement, the military, critical infrastructure, and industrial companies, has at least five bugs. These bugs make the system vulnerable to different attacks.

Bitdefender releases free decryptor for ShrinkLocker ransomware

Bitdefender has released a decryptor for the ShrinkLocker ransomware after months of concern from responders regarding attacks involving this malware....
Read More
Bitdefender releases free decryptor for ShrinkLocker ransomware

Fortinet releases updates for Various Products

Fortinet has issued security updates for several products, including FortiOS, to fix vulnerabilities that could allow cyber attackers to take...
Read More
Fortinet releases updates for Various Products

Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

Microsoft's latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited....
Read More
Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems...
Read More
CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

Cyberattack Disrupts Israel’s Gas and Payment Systems

A cyberattack on an Israeli clearing company on Sunday left some people unable to use their credit cards for shopping...
Read More
Cyberattack Disrupts Israel’s Gas and Payment Systems

Russia blocks thousands websites using Cloudflare’s privacy service

Russia's media censor, Roskomnadzor, has blocked thousands of local websites using Cloudflare's encryption feature that enhances online privacy and security....
Read More
Russia blocks thousands websites using Cloudflare’s privacy service

Hacker to sale Indian Gov.t email credentials

Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the dark web marketplace. A hacker...
Read More
Hacker to sale Indian Gov.t email credentials

Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter of 2024, making it one...
Read More
Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

The Socket Research Team has discovered a malicious package named "fabrice," pretending to be the legitimate fabric SSH automation library....
Read More
Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

CISA alerts active exploitation of Palo Alto networks vuln

CISA has added a patched critical security flaw in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog due...
Read More
CISA alerts active exploitation of Palo Alto networks vuln

The use of trunked radio systems enables computer-managed communication, ensuring a constant availability of open channels. The system is preferred by organizations that value speed, operate remotely, or need uninterrupted communication, because it has a longer range and requires fewer base stations.

TETRA, a system that has been in use since 1995, has never undergone comprehensive security research, as stated by cyber security firm Midnight Blue. The analysis conducted by Midnight Blue, named TETRA:BURST, has uncovered a multitude of methods that attackers could potentially utilize to exploit the system.

TETRA is used worldwide to control critical infrastructure, including high-voltage distribution boxes, oil and gas pipelines, and railway safety devices. TETRA is widely utilized for infrastructure purposes in several countries, including Germany, France, and Spain, among others. Those countries may now be at risk of sabotage.

“The results of research are serious,” says Bart Jacobs, professor of computer security at Radboud University Nijmegen. “It is serious for the government, but also for the business community. It concerns vital infrastructure whose functioning can be affected by serious attacks.”

Two of them, tracked as CVE-2022-24401 and CVE-2022-24402, are considered critical. The second bug allows attackers to brute force hardware within minutes.

Two of the remaining three, CVE-2022-24404 and CVE-2022-24403, are of high severity, with the last one, CVE-2022-24400, having a severity level.

Police C2000 network

The second major vulnerability in TETRA can be used to crack our emergency services’ C2000 network. It uses a different kind of TETRA technology, but it can still be tapped by attackers, such as criminal organizations and malicious foreign governments, the researchers warn.

The investigation, called TETRA:BURST, has lasted more than a year. Recently, the researchers have been busy informing affected organizations of the vulnerabilities. That is not easy: many companies in the critical infrastructure do not respond to their e-mails, the researchers say, and are therefore still at risk.

 

Source: nltimes, cybernews, hackernews

Check Also

flowchart

Hacker to sale Indian Gov.t email credentials

Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the …

Leave a Reply

Your email address will not be published. Required fields are marked *