24 July 2023

Demo: TETRA TEA1 backdoor vulnerability (CVE-2022-24402)

 
89 views Jul 24, 2023
Midnight Blue, a specialist security consulting firm, announced today the discovery of 5 zero-day vulnerabilities collectively known as "TETRA:BURST", 2 of which critical, that affect the Terrestrial Trunked Radio (TETRA) standard used globally by law enforcement such as the C2000 network in the Netherlands, Airwave in the U.K., BOSNET in Germany, and RAKEL and Nødnett in Sweden and Norway.
  • Other use-cases include military communications and critical infrastructure in the power, oil & gas, water, and transport sectors and beyond. In this video, we demonstrate an attack on the TEA1 algorithm (CVE-2022-24402), which affects networks relying TEA1 for confidentiality and integrity. The demonstration is performed on a real-world network.

Publications and conferences

We have spent over two and a half year on our TETRA research, including a coordinated disclosure process that lasted over one and a half year. We will fully disclose our research results and present our work at various conferences throughout the year. Below you will find an updated list of the conferences on (aspects of) the TETRA:BURST vulnerabilities.

Date

Title

Venue

Location

August, 9th

All cops are broadcasting: breaking TETRA after decades in the shadows

Blackhat USA

Las Vegas

In this video, we demonstrate an attack on the TEA1 algorithm (CVE-2022-24402), which affects networks relying TEA1 for confidentiality and integrity. The demonstration is performed on a real-world network.

Follow along using the transcript.

Midnight Blue

1 subscriber
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

BEA News: Personal Income and Outlays, October 2024 EMBARGOED UNTIL RELEASE AT 10:00 a.m. EST, Wednesday, November 27, 2024

  BEA News: Personal Income and Outlays, October 2024 The U.S. Bureau of Economic Analysis (BEA) has issued the following news release today...