

Ethical Hacking News

New Vulnerabilities Found in TETRA Radio Communications Protocol Expose Law Enforcement Communications



A recent study has found that the Terrestrial Trunked Radio (TETRA) protocols are vulnerable to various security issues. Researchers from Midnight Blue have found that several encryption mechanisms used in the TETRA standard are susceptible to replay and brute-force attacks, and even to decryption of encrypted traffic. As a result, users of TETRA networks are advised to migrate to secure E2EE solutions and implement additional mitigations to prevent potential attacks.

  • The TETRA communications protocol has been found to be vulnerable to a fresh set of security issues.
  • The vulnerabilities, dubbed 2TETRA:2BURST, relate to several encryption mechanisms used in the TETRA standard.
  • Attackers can inject malicious data packets into the network, potentially allowing them to intercept radio communications and inject malicious data traffic.
  • TETRA end-to-end encrypted voice streams are vulnerable to replay attacks, which could allow attackers to inject arbitrary voice streams that are indistinguishable from authentic traffic.
  • The protocol's AES-128 implementation is intentionally weakened, rendering it vulnerable to brute-force attacks.
  • End-to-end encrypted TETRA messages lack replay protection, allowing for arbitrary replay of messages.
  • The protocol lacks message authentication, allowing for injection of arbitrary messages.



    The Terrestrial Trunked Radio (TETRA) communications protocol, widely used by law enforcement, military, transportation, utilities, and critical infrastructure operators in Europe, has been found to be vulnerable to a fresh set of security issues. Researchers from the Netherlands-based cybersecurity company Midnight Blue recently presented their findings at the Black Hat USA security conference. The vulnerabilities, dubbed 2TETRA:2BURST, relate to several encryption mechanisms used in the TETRA standard. These newly discovered issues expose the system to replay and brute-force attacks, and even to decryption of encrypted traffic.

    According to Midnight Blue researchers Carlo Meijer, Wouter Bokslag, and Jos Wetzels, the security issues grouped under 2TETRA:2BURST relate to a case of packet injection in TETRA. This means that an attacker can inject malicious data packets into the network, potentially allowing them to intercept radio communications and inject malicious data traffic. Furthermore, the researchers have found that TETRA end-to-end encrypted voice streams are vulnerable to replay attacks, which could allow an attacker with no knowledge of the key to inject arbitrary voice streams that legitimate call recipients cannot distinguish from authentic traffic.

    The newly discovered issues also include a case where TETRA end-to-end encryption algorithm ID 135 refers to an intentionally weakened AES-128 implementation, rendering it vulnerable to brute-force attacks. This is due to its effective traffic key entropy being reduced from 128 to 56 bits. Additionally, researchers have found that end-to-end encrypted TETRA SDS messages feature no replay protection, allowing for arbitrary replay of messages towards either humans or machines.

    Another identified issue relates to the protocol's lack of message authentication, which allows for the injection of arbitrary messages such as voice and data. Furthermore, ETSI's fix for CVE-2022-24401, a previously discovered vulnerability, is ineffective in preventing keystream recovery attacks. This has led researchers to assign a placeholder identifier MBPH-2025-001 to this issue.

    In response to these newly discovered vulnerabilities, the researchers have recommended several mitigations for users of TETRA networks. These include migrating to scrutinized, secure E2EE solutions (CVE-2025-52940), migrating to non-weakened E2EE variants (CVE-2025-52941), disabling TEA1 support and rotating all AIE keys (CVE-2025-52943), and adding a TLS/VPN layer on top of TETRA for networks that use it in a data-carrying capacity (CVE-2025-52944).
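    The two properties the article says the affected TETRA messages lack, message authentication and replay protection, are what an added secure layer on top of the bearer supplies. The sketch below is an added example, not code from Midnight Blue, ETSI, or any TETRA product: the frame layout, the truncated HMAC-SHA256 tag, the 64-message window, and all names are assumptions, and it authenticates data without encrypting it.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16   # truncated HMAC-SHA256 tag length (assumption for this sketch)
WINDOW = 64    # how far behind the highest counter a late frame may arrive


def seal(key: bytes, sender_id: int, counter: int, payload: bytes) -> bytes:
    """Build a frame: sender(4) | counter(8) | payload | tag over all of it."""
    header = struct.pack(">IQ", sender_id, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class Receiver:
    """Verifies the tag first, then enforces a per-sender sliding replay window."""

    def __init__(self, key: bytes):
        self.key = key
        self.state = {}  # sender_id -> (highest counter seen, bitmap of seen counters)

    def open(self, frame: bytes) -> bytes:
        if len(frame) < 12 + TAG_LEN:
            raise ValueError("truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag")      # injected or modified frame
        sender_id, counter = struct.unpack(">IQ", body[:12])
        highest, seen = self.state.get(sender_id, (-1, 0))
        if counter > highest:
            # Newer than anything seen: slide the window forward (bit 0 = highest).
            shift = counter - highest
            seen = ((seen << shift) | 1) & ((1 << WINDOW) - 1) if shift < WINDOW else 1
            highest = counter
        else:
            offset = highest - counter
            if offset >= WINDOW:
                raise ValueError("too old")  # fell out of the window
            if (seen >> offset) & 1:
                raise ValueError("replay")   # this counter was already accepted
            seen |= 1 << offset
        self.state[sender_id] = (highest, seen)
        return body[12:]
```

    Because the counter is covered by the tag, a recorded frame cannot be given a fresh counter without the key, and a verbatim copy is refused once its counter has been accepted.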

    The researchers have also noted that there is no evidence of these vulnerabilities being exploited in the wild. However, they emphasize the importance of implementing mitigations to prevent potential attacks.

    In conclusion, the discovery of new vulnerabilities in the TETRA radio communications protocol highlights the need for improved security measures in critical infrastructure and law enforcement systems.





  • Published: Mon Aug 11 14:05:16 2025 by llama3.2 3B Q4_K_M