Uncovering Critical Vulnerabilities in TETRA Radio Communication: Ensuring Secure Infrastructures
Three Dutch security analysts have discovered five vulnerabilities in a European radio communication standard called TETRA, which is used in radio communication devices manufactured by Motorola, DAMM, Hytera, and other specialized companies.
This standard has been used in radio communication devices since the 1990s, but because the encryption algorithms used in TETRA were kept secret, its flaws remained unknown until now.
For over 25 years, the technologies used in critical data and voice radio communications worldwide have been surrounded by absolute secrecy, which kept anyone from scrutinizing their security and finding the weaknesses that have now come to light.
A small group of specialized researchers in the Netherlands dissected the technology and found serious flaws, including intentional vulnerabilities known as back doors.
The researchers state that these vulnerabilities have been known for several years by the providers of these technologies, but not necessarily by their customers. They exist in an encryption algorithm hidden inside radio devices sold for commercial use in vital infrastructures.
These devices are used to transmit encrypted data and commands in pipelines, railways, power grids, public transportation, and cargo trains. The vulnerabilities allow an eavesdropper to listen in on these communications and learn how the system functions.
Attackers could potentially exploit this to send commands to the radios, leading to power outages, disruptions in gas pipelines, or redirecting trains.
The researchers also discovered another vulnerability in a different part of the same radio technology used in more specialized systems exclusively sold to police forces, prison staff, military, intelligence agencies, and emergency services.
This vulnerability allows attackers to decipher encrypted voice communications and data, enabling them to send deceptive messages and redirect personnel and forces at critical moments.
Because the TETRA standard is embedded in radios sold through vendors and system integrators such as PowerTrunk, identifying who uses it, and why, is difficult.
However, Caleb Mathis, a consultant at Ampere Industrial Security, conducted an open-source investigation for the magazine WIRED and uncovered contracts, press releases, and other documents showing the use of TETRA-based radios in at least twenty critical infrastructure sites in the United States.
Mathis assisted the magazine in identifying several entities that use these devices, including electric facilities, government border control agencies, an oil refinery, chemical plants, the primary mass transit system on the East Coast, and three international airports where the radios are used for communications between security personnel and ground staff, as well as a training base belonging to the U.S. Army.
The researchers conducted open-source research revealing that the vast majority of police forces worldwide, excluding the United States, use radio technology based on the TETRA standard.
This includes European countries such as Belgium and the Scandinavian countries, Eastern European countries such as Serbia, Moldova, Bulgaria, and Macedonia, and Middle Eastern countries such as Iran, Iraq, Lebanon, and Syria.
Additionally, the defense ministries of Bulgaria, Kazakhstan, and Syria use these systems, as do Poland's military counterintelligence agency, the Finnish defense forces, and Lebanon, among others.
The researchers have not determined whether these security vulnerabilities are actively exploited, but they pointed to evidence in Edward Snowden's leaks that the U.S. National Security Agency and the UK's Government Communications Headquarters (GCHQ) had targeted the TETRA standard for surveillance in the past.
One of the leaked documents discussed a project by the U.S. National Security Agency and the Australian Signals Directorate to collect communications from the Malaysian police during the Bali Climate Change Conference in 2007, indicating that they intercepted some communications from Indonesian security forces through TETRA.
Another Snowden leak suggests that GCHQ, possibly with assistance from the National Security Agency, collected communications carried over Argentina's TETRA system in 2010, during escalating tensions with the United Kingdom over oil exploration rights in an offshore field near the Falkland Islands. The leak describes the collection of high-priority military and command communications from Argentina's TETRA system.
The researchers advise radio technology users to consult their manufacturer to determine if their devices use the TETRA system and inquire about possible fixes or measures to mitigate the vulnerabilities.
The researchers plan to present their findings next month at the “Black Hat” security conference in Las Vegas, where they will provide a detailed technical analysis along with the previously undisclosed encryption algorithms specific to the TETRA system.