Dutch security researchers have disclosed a collection of vulnerabilities in the TETRA protocol used in emergency services, military, infrastructure and other applications.
Collectively dubbed TETRA.BURST, the vulnerabilities “allow for real-time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning”, the researchers from company Midnight Blue said.
The vulnerabilities have been designated CVE-2022-24401, CVE-2022-24402, CVE-2022-24404, CVE-2022-24403, and CVE-2022-24400; all of which are cryptographic flaws of some kind.
Most of the vulnerabilities, the researchers wrote, affect all TETRA networks, but vendors have begun shipping firmware patches.
Some need mitigation via “compensating controls”, the authors said.
Two of the vulnerabilities, CVE-2022-22401 and CVE-2022-22402, are rated critical.
CVE-2022-22401 allows decryption oracle attacks, because TETRA’s air interface encryption keystream “relies on the network time, which is publicly broadcast in an unauthenticated manner”, the researchers said.
A capable adversary could “intercept or manipulate law enforcement and military radio communications”.
CVE-2022-22402 is a backdoor in TETRA’s TEA1 algorithm, used to encrypt the air interface.
The backdoor “reduces the original 80-bit key to a key size which is trivially brute-forceable on consumer hardware in minutes,” the researchers said.
This constitutes a “full break of the cipher”, they wrote, “allowing for interception or manipulation of radio traffic."
As well as intercepting traffic, an attacker could inject traffic.
For example, if an electricity utility was using TETRA for SCADA communications, an attacker could “perform dangerous actions such as opening circuit breakers in electrical substations”.
CVE-2022-24403 (a user deanonymisation vulnerability) and CVE-2022-24404 (a lack of ciphertext authentication on the air interface) are rated high severity, while CVE-2022-24400 is a low-severity flaw in the authentication algorithm.
For CVE-2022-24401 and CVE-2022-24404, firmware patches are available; CVE-2022-24402 and CVE-2022-24403 can be mitigated using end-to-end encryption; and CVE-2022-24400 is fixed by migrating to TAA2.
