Select Page

A set of five security vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication used widely by government entities and critical infrastructure sectors, including what’s believed to be an intentional backdoor that could have potentially exposed sensitive information.

The issues, discovered by Midnight Blue in 2021 and held back until now, have been collectively called TETRA:BURST. There is no conclusive evidence to determine that the vulnerabilities have been exploited in the wild to date.

“Depending on infrastructure and device configurations, these vulnerabilities allow for real time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning,” the Netherlands-based cybersecurity company said.

Standardized by the European Telecommunications Standards Institute (ETSI) in 1995, TETRA is used in more than 100 countries and as a police radio communication system outside the U.S. It’s also employed to control essential systems like power grids, gas pipelines, and railways.

images from Hacker News