Dutch security researchers have discovered multiple vulnerabilities in TETRA (Terrestrial Trunked Radio), including a backdoor that allows attackers to easily decrypt encrypted communications.
TETRA is a radio communications standard used by police forces, government agencies, rail transportation, fire departments, and other mission-critical entities in over 100 countries worldwide since 1995. The standard relies on proprietary cryptographic algorithms named TEA (TETRA Encryption Algorithm), which are only distributed to a handful of select entities under very restrictive NDAs. Despite its omnipresence in the communication systems of vital agencies in so many countries, TETRA and its encryption have never been thoroughly scrutinized by security analysts.
A team of researchers in the Netherlands who reverse-engineered the standard and its algorithms discovered critical flaws, including one (CVE-2022-24402) in the TEA1 encryption algorithm that reduces the original 80-bit encryption key to such a small size that brute-forcing it on widely available hardware is trivial. This practically means that the TETRA contains a backdoor allowing anyone with knowledge of it to snoop into all radio communications that use the standard.
The second critical-severity flaw is CVE-2022-24401, concerning the reliance of the Air Interface Encryption (AIE) keystream generator on publicly broadcasted network times, which an attacker can easily acquire to perform decryption oracle attacks.
The researchers discovered three more flaws on TETRA, namely CVE-2022-24404, which concerns a lack of ciphertext authentication on AIE, potentially leading to malleability attacks, CVE-2022-24403, which is a weak obfuscation problem allowing user deanonymization, and CVE-2022-24400, a flaw in the authentication algorithm allows attackers to set the Derived Cypher Key (DCK) to 0.
The five flaws, collectively called ‘TETRA:BURST,’ were discovered in 2021 but were not made publicly available until now. Instead, the security researchers worked with the Dutch National Cyber Security Centre to notify impacted agencies, vendors, response teams, and other critical entities. NCSC has confirmed to the media that it informed the governments in Germany, the UK, Belgium, and Denmark, all users of the TETRA standard, that their radio communications are vulnerable to eavesdropping.
More information about TETRA:BURST and how the above flaws can be practically exploited in real-world scenarios will be disclosed in the upcoming BlackHat USA conference on August 9, 2023.
The discovery of the TETRA:BURST flaws, and especially a decryption backdoor, highlight the problem of using proprietary encryption algorithms instead of open-source tools that can be evaluated and scrutinized by a large community of researchers. The researchers underscore that similar problems were discovered in the past on other prominent standards like GSM (A5/1, A5/2), GPRS (GEA-1, GEA-2), GMR (GMR-1, GMR-2), and DECT (DSAA, DSC), which relied on closed-source design. Instead, the analysts call for adopting Kerckhoffs’s principle, which dictates that everything about a cryptographic system apart from the key should be public knowledge.
At this time, it is unknown if TETRA:BURST was exploited by malicious actors to intercept communications, how extensive or lengthy this exploitation might have been, and what secrets were stolen thanks to the weaknesses in the standard. Due to the passive way these flaws would be exploited, creating no detectable interference in the radio signals, they would leave no traces for the victims to realize the compromise.
Thanks a lot! for your post Heinrich. Very well documented.