Dutch cybersecurity consultancy, Midnight Blue, revealed their research findings called “TETRA:BURST,” which involves a cryptographic bug in the TETRA (Terrestrial Trunked Radio) system, commonly used by law enforcement and emergency services.
Unlike modern encryption algorithms, TETRA’s 1995-era encryption remains in use, largely because it is proprietary and guarded under non-disclosure agreements (NDAs).
The researchers discovered five vulnerabilities in TETRA, and they will be presenting their full findings at upcoming conferences.
The vulnerabilities highlight the importance of adhering to Kerckhoff’s Principle, not relying on unverifiable data, and avoiding the inclusion of backdoors or weak encryption in cryptographic systems.
The researchers have already observed firmware updates addressing one of the vulnerabilities (CVE-2022-24401). Further details and mitigations will be disclosed during the TETRA:BURST tour.
