Researchers have discovered that TETRA, a radio technology used by critical infrastructure authorities, port administrations, and police forces, has many serious bugs. These bugs can be exploited by attackers to gain control of the communications.
TETRA, the trunked radio system utilized by law enforcement, the military, critical infrastructure, and industrial companies, has at least five bugs. These bugs make the system vulnerable to different attacks.
The use of trunked radio systems enables computer-managed communication, ensuring a constant availability of open channels. The system is preferred by organizations that value speed, operate remotely, or need uninterrupted communication, because it has a longer range and requires fewer base stations.
TETRA, a system that has been in use since 1995, has never undergone comprehensive security research, as stated by cyber security firm Midnight Blue. The analysis conducted by Midnight Blue, named TETRA:BURST, has uncovered a multitude of methods that attackers could potentially utilize to exploit the system.
TETRA is used worldwide to control critical infrastructure, including high-voltage distribution boxes, oil and gas pipelines, and railway safety devices. TETRA is widely utilized for infrastructure purposes in several countries, including Germany, France, and Spain, among others. Those countries may now be at risk of sabotage.
“The results of research are serious,” says Bart Jacobs, professor of computer security at Radboud University Nijmegen. “It is serious for the government, but also for the business community. It concerns vital infrastructure whose functioning can be affected by serious attacks.”
Two of them, tracked as CVE-2022-24401 and CVE-2022-24402, are considered critical. The second bug allows attackers to brute force hardware within minutes.
Two of the remaining three, CVE-2022-24404 and CVE-2022-24403, are of high severity, with the last one, CVE-2022-24400, having a severity level.
Police C2000 network
The second major vulnerability in TETRA can be used to crack our emergency services’ C2000 network. It uses a different kind of TETRA technology, but it can still be tapped by attackers, such as criminal organizations and malicious foreign governments, the researchers warn.
The investigation, called TETRA:BURST, has lasted more than a year. Recently, the researchers have been busy informing affected organizations of the vulnerabilities. That is not easy: many companies in the critical infrastructure do not respond to their e-mails, the researchers say, and are therefore still at risk.
Source: nltimes, cybernews, hackernews