The globally-used Terrestrial Trunked Radio (TETRA) standard, critical to law enforcement and infrastructure sectors, is now compromised by five vulnerabilities known as TETRA:BURST. Two of these vulnerabilities are deemed critical, posing potential risks to network security across a multitude of industries.
These vulnerabilities, affecting all TETRA networks, enable real-time decryption, message injection, user deanonymization and more, depending on infrastructure and device configurations. Remedies are currently a mix of firmware patches and recommended compensating controls, but their effectiveness varies.
Midnight Blue, a non-profit organization, has been granted funding by the NLnet foundation to carry out the first public security research on TETRA. They were able to reverse-engineer and publicly analyze the TAA1 and TEA cryptographic algorithms, revealing the TETRA:BURST vulnerabilities.
Despite a lengthy disclosure process, exceeding 1.5 years due to the complexities and sensitive nature of the issues, the findings will soon become public. On coming August 9th, the research embargo lifts, providing much-needed transparency to asset owners globally.