The TETRA vulnerabilities have been identified by Dutch cybersecurity researchers, who plan to reveal more information at the upcoming Black Hat USA 2023.
Dutch cybersecurity researchers have discovered significant vulnerabilities in the widely used TETRA radio technology, raising concerns about the safety of critical infrastructure worldwide. The researchers have dubbed these vulnerabilities TETRA:BURST.
TETRA, or Terrestrial Trunked Radio, which is used to control essential systems like power grids, gas pipelines, and trains, has been found to contain a deliberate backdoor in its encryption algorithm, allowing for relatively easy hacking.
The team at cybersecurity firm Midnight Blue, consisting of Jos Wetzels, Carlo Meijer, and Wouter Bokslag, made this alarming discovery and alerted relevant authorities. Despite efforts to raise awareness, many critical infrastructure entities remain unresponsive to the risks posed by these vulnerabilities.
The Vulnerabilities:
Researchers from Midnight Blue identified a backdoor in the encryption algorithm of TETRA radios, which are manufactured by companies such as Motorola, Damm, and Hytera. The intentional vulnerability, easy to exploit, allows attackers to compromise the network and execute malicious commands. These attacks can disrupt critical infrastructure operations and even enable unauthorized access to emergency services, posing a grave threat to public safety.
Global Impact:
TETRA technology is widely used across the world, controlling vital infrastructure in more than 120 countries. For instance, in the Netherlands, the port of Rotterdam, public transport companies, most airports, and the C2000 communication system utilized by the police, fire brigade, ambulance services, and parts of the Ministry of Defence rely on TETRA.
Additionally, many critical infrastructure authorities in Germany, France, Spain, and various European countries, as well as several equivalent entities in the USA, depend on this radio technology.
Ease of Hacking:
The most concerning aspect of these vulnerabilities is how accessible they are to potential hackers. According to Midnight Blue, even individuals without extensive hacking expertise can infiltrate the TETRA network in under a minute using simple hardware. Once inside, attackers can execute malicious commands on critical infrastructure systems without detection, leading to severe consequences.
Efforts to Address the Issue:
According to local Dutch media, the researchers responsible for uncovering these vulnerabilities immediately reported their findings to the Dutch National Cyber Security Centre (NCSC) in 2021. Over the past two years, the NCSC has diligently informed governments in various countries about the risks posed by TETRA’s loopholes.
Furthermore, the Midnight Blue team took the initiative to notify manufacturers and users of the technology, aiming to increase awareness and encourage mitigation efforts.
The Call for Action:
As the information about the TETRA backdoor vulnerabilities becomes public, Midnight Blue warns all users of radio technologies to contact their manufacturers and assess if their devices employ TETRA. Understanding the potential risks and seeking available fixes or mitigations is crucial in safeguarding critical infrastructure from potential attacks.
More At Black Hat USA 2023
The Midnight Blue team plans to unveil more information about the backdoor at the “Redacted Telecom Talk” session during the Black Hat Security Conference (Black Hat USA 2023), which is scheduled to take place from Saturday, August 5, 2023, to Thursday, August 10, 2023, at the Mandalay Bay Convention Center in Las Vegas, Nevada.
Complete information on the Midnight Blue team’s upcoming presentations and conferences is available on the TETRA:BURST website, which is dedicated to addressing the TETRA vulnerabilities.
Takeaway:
The discovery of deliberate vulnerabilities in TETRA radio technology has raised alarm bells among cybersecurity experts and governments worldwide. The risks posed by these backdoors are substantial, with the potential to disrupt critical infrastructure and compromise public safety.
While efforts have been made to address the issue, the lack of response from some critical infrastructure companies remains a cause for concern. As the world becomes increasingly reliant on advanced technologies, the need to prioritize cybersecurity and address potential vulnerabilities becomes more critical than ever.