TETRA: BURST - Dutch Firm Uncovers Potentially Catastrophic Radio Network Vulnerabilities
Midnight Blue Releases a Report
A Netherlands-based security firm, Midnight Blue, has exposed a series of five vulnerabilities, collectively named TETRA: BURST, that affect Terrestrial Trunked Radio (TETRA). TETRA is a crucial communication technology used across Europe, the United Kingdom, and many other nations by emergency services organizations, government agencies, and law enforcement.
These flaws are reported to impact all TETRA radio networks, potentially enabling an attacker to decrypt communications either in real time or retroactively, inject messages, deanonymize users, or intercept uplink traffic by forcing the session key to zero.
Two of these vulnerabilities have been classified as critical. The first, CVE-2022-24401, is a decryption oracle attack that can reveal text, voice, or data communication. The exploit takes advantage of the Air Interface Encryption (AIE) keystream generator's dependence on network time, a value that is broadcast publicly and unencrypted.
The second critical vulnerability, CVE-2022-24402, stems from a weakness in the TEA1 encryption algorithm. According to Midnight Blue's researchers, the algorithm has a "backdoor" that reduces the original 80-bit key to a size trivially brute-forceable on consumer hardware within minutes.
Midnight Blue's team asserts that this backdoor is a result of intentional algorithm design decisions. The researchers point out in their disclosure that "there is a computational step which serves no other purpose than to reduce the key's effective entropy."
The team further emphasizes that the use of secret, proprietary cryptography has been a recurring issue in previously identified flaws affecting several communication technologies, including GSM (A5/1, A5/2), GMR (GMR-1), GPRS (GEA-1), DMR ('Basic' and 'Enhanced' encryption), and P25 (ADP), used in North America.
These vulnerabilities, according to Midnight Blue, were often born out of export control practices that mandate weak encryption.
Funding from the non-profit NLnet foundation as part of its European Commission-supported NGI0 PET fund enabled Midnight Blue to reverse-engineer and publicly analyze the TAA1 and TEA algorithms. This process uncovered the TETRA: BURST vulnerabilities for the first time.
The European Telecommunications Standards Institute (ETSI), responsible for overseeing the TETRA specification, has yet to comment on the issue.
The remaining three vulnerabilities, of lower severity, are CVE-2022-24404, CVE-2022-24403, and CVE-2022-24400, each with varying potential to compromise confidentiality, authentication, or the anonymity of radio identities.
Midnight Blue plans to release the technical details of these flaws at the Black Hat security conference in Las Vegas on August 9, 2023, and at USENIX Security and DEF CON. The firm extended its disclosure period to a year and a half, rather than the six months typical for hardware and embedded systems, citing the sensitivity of the matter and the complex nature of remediation.
The possibility of message interception or manipulation poses a significant concern for military and law enforcement users of TETRA networks. Similarly, critical infrastructure operators face potential threats, with communication services of private security firms at risk of manipulation, or even data traffic injection that could interfere with the control and monitoring of industrial equipment.