TETRA radio security vulnerabilities exposed

Share post:

A group of Dutch security analysts have discovered serious vulnerabilities in the TETRA (Terrestrial Trunked Radio) standard, including a deliberate backdoor.

TETRA is a European radio standard used by police forces, prison personnel, military, intelligence agencies, and emergency services around the world. It is also used in critical infrastructure, such as pipelines, railways, and the electric grid. The vulnerabilities could allow attackers to intercept, manipulate, or disturb communications, or even send fraudulent messages.

Though TETRA isn’t widely used in the U.S., but open-source research revealed its application in at least two dozen critical infrastructures, including electric utilities, state border control agencies, oil refineries, chemical plants, mass transit systems, and international airports.

The researchers say that the vulnerabilities have been known to vendors for years, but they have only just been made public. The Dutch National Cyber Security Centre (NCSC) has also notified radio vendors and computer emergency response teams (CERTs) around the world about the problems. It says the vulnerabilities are “serious” and that organizations that use TETRA should take steps to mitigate the risk.

The researchers plan to present their findings, and the secret TETRA encryption algorithms to encourage further investigation into potential weaknesses at the BlackHat security conference in Las Vegas in August.

The sources for this piece include an article in ArsTechnica.


Related articles

Cyber Security Today, May 29, 2024 – A new North Korean ransomware gang spotted, and more

A new North Korean ransomware gang spotted, and more Welcome to Cyber Security Today. It's Wednesday, May 29th, 2024....

Microsoft tries to regain trust of government cybersecurity leadership

Microsoft has embarked on an aggressive campaign to restore and enhance its cybersecurity image and regain trust within...

London Drugs refuses to pay ransom – corporate data is leaked

London Drugs, a prominent Canadian retailer, has confirmed a data breach involving sensitive corporate head office files, following...

Cyber Security Today, May 27, 2024 – Security controversy over a new Microsoft tool, a new open source threat intelligence service, and more

Security controversy over a new Microsoft tool, a new open-source threat intelligence service, and more. Welcome to Cyber Security...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways