When worlds collide. Looks like the TETRA protocol encryption has been broken! Time to summarise what this means!

#infosec

TETRA, aka ‘Terrestrial Trunked Radio’, is a digital voice and text radio communications protocol often used by authorities and industry in Europe and many countries other than the USA.

A major advantage of a digital communications protocol like TETRA was its ability to be secured via encryption.

Five vulnerabilities have been found by Midnight Blue, collectively dubbed ‘TETRA:BURST’.

The two most critical vulnerabilities allow TETRA traffic to be easily decrypted or attacked with consumer hardware.

#Infosec

CVE-2022-24401:

The first critical vulnerability is described as a decryption oracle attack.

The Air Interface Encryption keystream generator relies on the network time, which is broadcast unauthenticated.

Because the keystream depends on a time value nobody verifies, this allows for a decryption oracle attack.
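To show why an unauthenticated time input matters, here is an added toy model (not TETRA's real Air Interface Encryption, and not Midnight Blue's code): a stream cipher whose keystream is derived from a key and the broadcast network time, alongside an authenticated, monotonic time beacon as the defensive counterpart. The `keystream`, `encrypt` and beacon functions are assumptions of this illustration.

```python
import hmac
import hashlib

# Toy keystream (assumed model, not TETRA's real generator): derived from a
# long-term key and the network time a base station broadcasts. Any two frames
# encrypted under the same time value reuse the same keystream bytes.
def keystream(key: bytes, network_time: int, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block = key + network_time.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, network_time: int, plaintext: bytes) -> bytes:
    ks = keystream(key, network_time, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_leak(key: bytes, t: int, p1: bytes, p2: bytes) -> bool:
    """If a radio can be made to encrypt two frames under the same time value,
    XORing the ciphertexts cancels the keystream and leaves p1 XOR p2: the
    key is never needed. This is the risk an unauthenticated time creates."""
    c1 = encrypt(key, t, p1)
    c2 = encrypt(key, t, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

# Defensive counterpart (illustrative, not TETRA's actual fix): the time beacon
# carries a MAC under a shared key, and a radio only accepts a time value that
# verifies AND moves forward, so a forged or rolled-back time is rejected.
def sign_time_beacon(mac_key: bytes, t: int) -> bytes:
    t_bytes = t.to_bytes(4, "big")
    return t_bytes + hmac.new(mac_key, t_bytes, hashlib.sha256).digest()

def verify_time_beacon(mac_key: bytes, beacon: bytes, last_accepted: int):
    """Return the accepted time, or None if the beacon is forged or replayed."""
    t_bytes, tag = beacon[:4], beacon[4:]
    expected = hmac.new(mac_key, t_bytes, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                      # forged or tampered beacon
    t = int.from_bytes(t_bytes, "big")
    if t <= last_accepted:
        return None                      # replayed or rolled-back time
    return t
```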

Background reading on oracle-style attacks (this link covers padding oracles):
https://flast101.github.io/padding-oracle-attack-explained/


CVE-2022-24402:

This is probably one of the most unforgivable critical issues:

The second vulnerability is a backdoor built into TEA1, one of the encryption algorithms used by TETRA. This makes it extremely vulnerable to brute-force attacks.

“The TEA1 algorithm has a backdoor that reduces the original 80-bit key to a key size which is trivially brute-forceable on consumer hardware in minutes.”

Midnight Blue are due to release more technical details about the vulnerabilities on August 9 during the BlackHat security conference.
#infosec #blackhat

https://www.blackhat.com/us-23/briefings/schedule/#redacted-telecom-talk-31807


“It's unclear at the moment how many TETRA providers have implemented mitigations already.” - Blimey they’ve known for 1.5 years and only have mitigations at this point.

This could mean that potentially thousands of Blue light services and military are vulnerable.

I’m really looking forward to this Blackhat talk now.

Anyone got a spare virtual ticket? 😂

#Infosec #blackhat

This has major implications for communication networks across the globe.

These sectors come to mind:

- Counter-intelligence
- Emergency Services
- Military
- Transport Industry
- Airports
- Rail
- Port & Harbour
- Etc

#Infosec