Flaws in Encryption Algorithms of Secure Tetra Radio Expose Users to Snooping
Researchers have discovered a number of serious vulnerabilities in the encryption algorithms used in the secure terrestrial trunked radio (Tetra) technology. This technology is widely used by emergency services and has been a part of the ongoing transition to the new Emergency Services Network (ESN). The flaws in the encryption algorithms could potentially allow malicious actors and state-sponsored espionage operations to intercept critical communications.
The Tetra standard, developed in the 1990s by the European Telecommunications Standards Institute (ETSI) and the Critical Communications Association (TCCA), has always been kept under tight wraps due to the sensitive nature of the organizations using the technology. However, security consultants from the Netherlands-based firm Midnight Blue recently acquired a Motorola radio product and conducted a thorough examination of its encryption algorithms.
The team uncovered five vulnerabilities, collectively known as Tetra:Burst, which have been assigned the designations CVE-2022-24400 through CVE-2022-24404. The most severe vulnerability, CVE-2022-24402, affects the TEA1 encryption algorithm. It essentially functions as a backdoor, reducing the algorithm’s effective encryption key from 80 bits to just 32 bits. As a result, unauthorized actors can easily brute force the encryption and decrypt radio messages. Astonishingly, the team successfully accomplished this in less than a minute using a regular store-bought laptop.
Exploiting this vulnerability allows attackers to intercept and manipulate radio traffic, which poses significant risks to private security services operating at harbors, airports, railways, and more. It also enables them to inject malicious traffic into critical systems used for monitoring and controlling industrial equipment. For example, an attacker could remotely manipulate railway signals or open circuit breakers in electrical substations, leading to potentially dangerous consequences.
The researchers highlighted that this vulnerability was intentionally designed to weaken the encryption, as the process serves no other purpose than reducing the key’s effective entropy. However, a spokesperson for ETSI argued that the Tetra security standards were developed in collaboration with national security agencies and are subject to export control regulations that dictate the strength of the encryption. They stated that ETSI does not consider this vulnerability a backdoor.
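The entropy reduction described above is the kind of defect an auditor can detect without knowing the algorithm's internals: a key schedule that collapses an 80-bit key to 32 bits behaves like a random function with only 2^32 outputs, so distinct keys collide at the birthday rate. The block below is an added example, not the article's or the researchers' code; `full_schedule` and `reduced_schedule` are constructed stand-ins rather than TEA1, and `estimate_effective_bits` is a generic birthday-bound estimate that can be pointed at any black-box key schedule.

```python
"""Estimate the effective key space of a key-schedule function empirically.

Added example, not from the article or from the TETRA:BURST researchers. The
two schedules are constructed stand-ins, not TEA1: `full_schedule` keeps all
80 key bits; `reduced_schedule` squeezes the key through a 32-bit bottleneck,
the kind of entropy reduction the article describes. The audit technique
(birthday-bound collision counting) is generic.
"""
import hashlib
import math

KEY_BITS = 80  # key length the interface advertises


def full_schedule(key: bytes) -> bytes:
    """Toy schedule that keeps all 80 bits: any change to the key changes the output."""
    assert len(key) == KEY_BITS // 8
    return hashlib.sha256(b"full" + key).digest()[:10]


def reduced_schedule(key: bytes) -> bytes:
    """Toy schedule with an entropy-reducing step: the 80-bit key is first
    compressed to 32 bits, so only 2**32 distinct effective keys exist."""
    assert len(key) == KEY_BITS // 8
    compressed = hashlib.sha256(b"reduce" + key).digest()[:4]  # 32-bit bottleneck
    return hashlib.sha256(b"expand" + compressed).digest()[:10]


def count_collisions(schedule, samples: int) -> int:
    """Feed `samples` distinct keys through `schedule`; return how many outputs repeated."""
    seen = set()
    collisions = 0
    for i in range(samples):
        key = i.to_bytes(KEY_BITS // 8, "big")  # distinct, constructed keys
        out = schedule(key)
        if out in seen:
            collisions += 1
        else:
            seen.add(out)
    return collisions


def estimate_effective_bits(schedule, samples: int = 1 << 18):
    """Birthday estimate of the effective key space behind `schedule`.

    With n random samples from a space of size N, the expected number of
    collisions is about n^2 / (2N); inverting gives N ~ n^2 / (2 * collisions).
    Returns the estimated log2(N), or None when no collision was observed
    (then the space is at least on the order of n^2, i.e. ~2^36 bits here).
    n = 2^18 reliably exposes a bottleneck of 32 bits or fewer (about 8
    expected collisions); widening the search costs memory, not cleverness.
    """
    c = count_collisions(schedule, samples)
    if c == 0:
        return None
    return math.log2(samples * samples / (2 * c))


if __name__ == "__main__":
    for name, sched in (("full", full_schedule), ("reduced", reduced_schedule)):
        est = estimate_effective_bits(sched)
        shown = "no collisions (>= ~36 bits)" if est is None else f"~{est:.1f} bits"
        print(f"{name:8s} schedule: effective key space {shown}")
```

The estimate is statistical: with eight expected collisions the reported figure lands within a few bits of 32 on almost every run, which is precise enough to flag a schedule that advertises 80 bits. A schedule that genuinely uses all 80 bits produces no collisions at this sample size, so the auditor learns only a lower bound for it, which is the correct outcome.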
Another critical vulnerability, CVE-2022-24401, affects all four encryption algorithms used in Tetra radios. It arises from the way the radios and their base stations initiate encrypted communications by synchronizing their timestamps. Because the time sync data is neither authenticated nor encrypted, an attacker could manipulate the process to insert themselves into the communication flow and recover encrypted messages. The researchers also found a method to inject false messages by manipulating the timestamp data.
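The mechanism behind CVE-2022-24401 is a general one: when the value that selects a frame's key stream (here, the synchronised time) comes from an unauthenticated announcement, a replayed or forged announcement makes the radio reuse a key stream, and XORing two ciphertexts under the same key stream cancels it and leaves only the XOR of the plaintexts. The toy model below is an added example, not TETRA's air-interface protocol, key-stream generator or the researchers' code; `keystream`, `NaiveRadio`, `AuthenticatedRadio` and the fixed `FRAME_KEY`/`SYNC_KEY` values are all constructed for illustration. It shows the naive radio losing plaintext relationships after a replayed sync, and the hardened radio rejecting the replay because the announcement must carry a MAC and must move time forward.

```python
"""Toy model of why unauthenticated time synchronisation breaks frame encryption.

Added example; this is not TETRA's actual key-stream generator, air-interface
protocol or the researchers' code.  Model: each frame's key stream is derived
from a long-term frame key and the radio's clock; the clock advances one slot
per frame and is (re)set by the base station's time announcement.
"""
import hashlib
import hmac

FRAME_BYTES = 16
FRAME_KEY = bytes(range(16))       # constructed demo key, not a real one
SYNC_KEY = bytes(range(16, 32))    # constructed demo key for sync authentication


def keystream(frame_key: bytes, clock: int) -> bytes:
    """Constructed key-stream generator: HMAC-SHA256 over the clock value,
    truncated to one frame.  The only property used below is that the output
    depends solely on (key, clock)."""
    return hmac.new(frame_key, clock.to_bytes(8, "big"), hashlib.sha256).digest()[:FRAME_BYTES]


def sync_tag(sync_key: bytes, clock: int) -> bytes:
    """MAC the base station attaches to a time announcement in the hardened model."""
    return hmac.new(sync_key, b"sync" + clock.to_bytes(8, "big"), hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class NaiveRadio:
    """Accepts whatever time the network announces (the unauthenticated case)."""

    def __init__(self, frame_key: bytes):
        self.frame_key = frame_key
        self.clock = 0

    def sync(self, announced_clock: int, tag: bytes = b"") -> bool:
        self.clock = announced_clock  # no check at all
        return True

    def encrypt_frame(self, plaintext: bytes) -> bytes:
        ks = keystream(self.frame_key, self.clock)
        self.clock += 1  # each frame occupies one slot
        return xor(plaintext, ks)


class AuthenticatedRadio(NaiveRadio):
    """Requires a MAC over the announcement under a shared sync key, and refuses
    any announcement that does not move time forward, so a key stream can never
    be replayed into reuse."""

    def __init__(self, frame_key: bytes, sync_key: bytes):
        super().__init__(frame_key)
        self.sync_key = sync_key

    def sync(self, announced_clock: int, tag: bytes = b"") -> bool:
        expected = sync_tag(self.sync_key, announced_clock)
        if not hmac.compare_digest(expected, tag):
            return False  # unsigned or forged announcement: ignore (and log it)
        if announced_clock <= self.clock:
            return False  # replayed or rolled-back time: ignore (and log it)
        self.clock = announced_clock
        return True


def sync_replay_exposes_plaintext(radio: NaiveRadio, legit_tag: bytes) -> bool:
    """Legitimate sync to slot 1000, one frame, the same announcement replayed,
    then a second frame.  Returns True if the two frames shared a key stream,
    i.e. XORing the two ciphertexts reveals p1 XOR p2 to an eavesdropper."""
    p1 = b"unit 7 to dispatch"[:FRAME_BYTES].ljust(FRAME_BYTES, b" ")  # constructed
    p2 = b"proceed to gate"[:FRAME_BYTES].ljust(FRAME_BYTES, b" ")     # constructed
    radio.sync(1000, legit_tag)
    c1 = radio.encrypt_frame(p1)
    radio.sync(1000, legit_tag)  # replayed announcement: authentic tag, stale time
    c2 = radio.encrypt_frame(p2)
    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    tag = sync_tag(SYNC_KEY, 1000)
    print("naive radio leaks p1^p2:", sync_replay_exposes_plaintext(NaiveRadio(FRAME_KEY), tag))
    print("hardened radio leaks p1^p2:",
          sync_replay_exposes_plaintext(AuthenticatedRadio(FRAME_KEY, SYNC_KEY), tag))
```

Two properties do the work in the hardened model: integrity of the announcement (the MAC) and monotonicity of the clock (the `announced_clock <= self.clock` check). Either alone is insufficient, since a genuine but stale announcement passes the MAC check and a forged but forward-moving one passes the monotonicity check. Rejected announcements are also a useful detection signal: a radio that logs them gives operators visibility into sync tampering attempts on a cell.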
Two more high-severity vulnerabilities were identified, namely CVE-2022-24404 and CVE-2022-24403. CVE-2022-24404 has a similar impact to CVE-2022-24401, allowing attackers to insert fake messages into the communication process. CVE-2022-24403 involves deanonymization, enabling attackers to monitor Tetra users and track their movements. This vulnerability could potentially give adversaries early warning of impending police raids, allowing them to evade capture.
Finally, there is a low-severity vulnerability labeled CVE-2022-24400, which allows attackers to set the Derived Cipher Key (DCK) to zero. While it does not enable a full man-in-the-middle attack like the other vulnerabilities, it provides an opportunity for attackers to intercept uplinks and access post-authentication protocol functions.
Organizations using Tetra can apply certain mitigations to protect against these vulnerabilities. A patch is already available for CVE-2022-24404 and CVE-2022-24401. Proper implementation of end-to-end encryption or migrating to newer encryption algorithms can help avoid exposure to CVE-2022-24402 and CVE-2022-24403.
ETSI emphasized that the Tetra standard is continually evaluated to ensure its robustness against evolving threats. They mentioned that revised standards were released in October 2022, and ongoing work supports the implementation of these standards in the market. ETSI also welcomed research efforts aimed at strengthening the standard and stated that the researchers recognized the overall strength of the Tetra standard.
As of now, there have been no reported exploitations on operational networks. ETSI, along with the Tetra industry community, remains committed to investing in and developing the ETSI Tetra standard to ensure its safety and resilience for the public safety, critical infrastructure, and enterprise organizations that rely on it every day.