New 2TETRA:2BURST Vulnerabilities in TETRA Encryption Expose Critical Communications to Cyber Threats

Researchers studying cybersecurity have discovered new flaws in the Terrestrial Trunked Radio (TETRA) communications protocol that could give hackers the ability to decrypt private data and launch brute-force or replay attacks. Midnight Blue researchers Carlo Meijer, Wouter Bokslag, and Jos Wetzels described the vulnerabilities, which impact TETRA’s proprietary end-to-end encryption (E2EE), at the Black Hat USA conference last week.

The law enforcement, military, and critical infrastructure sectors—all of which rely heavily on TETRA for secure communication—are at serious risk from the vulnerabilities, which are collectively referred to as 2TETRA:2BURST. The study suggests that hackers may be able to listen in on encrypted conversations or introduce malicious traffic into secure networks by taking advantage of these vulnerabilities.

So Many high-security industries use the TETRA mobile radio system, which was made by the European Telecommunications Standards Institute (ETSI). For securing communication, it employs the 4 primary encryption algorithms (TEA1, TEA2, TEA3, and TEA4). There have been ongoing concerns regarding the closed and proprietary nature of the system, despite the fact that some of these algorithms are thought to be secure. Experts worry that vulnerabilities might exist but go unreported due to the lack of transparency.

Just more than two years have passed since the Dutch cybersecurity company Midnight Blue started looking into TETRA’s cryptic systems. The persistent dangers of depending on closed, proprietary encryption in vital communication infrastructure are highlighted by their findings.

Now, there is a global call for authorities and system operators to evaluate their vulnerability and think about mitigating measures like updating the system, adding more layers of encryption, or switching to more open and publicly reviewed communication protocols.