Researchers Discover Fresh Weaknesses in TETRA Secured Wireless Communications
We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!
Quick Overview
- Recent vulnerabilities in TETRA networks influence encryption robustness.
- Serious weaknesses could enable attackers to insert harmful data.
- Australian mining firms heavily rely on TETRA for their communication needs.
- Experts urge for independent evaluations of TETRA networks.
Revealing New Weaknesses in TETRA Networks
Security researchers from Midnight Blue in the Netherlands have disclosed a series of critical vulnerabilities within TETRA (Terrestrial Trunked Radio) communication networks. These issues, unveiled via reverse-engineering and termed 2TETRA:2BURST, compromise the end-to-end encryption (E2EE) utilized by security agencies and elite forces.
Insights into the Vulnerabilities
The investigation reveals six new security weaknesses, supplementing five that were previously recognized in 2023. The most critical, CVE-2025-52941, involves a compromised AES-128 encryption algorithm, diminishing its strength to a concerning 56 bits. Another weakness, CVE-2025-52943, targets networks employing multiple encryption methods, permitting attackers to take advantage of less secure keys to decrypt communications believed to be protected.
Consequences for the Industry
These vulnerabilities could allow intruders to interfere with industrial control systems within TETRA networks, leading to threats in sectors such as mining operations. This situation could result in unauthorized control over vital equipment such as SCADA systems.
Difficulties in Addressing the Issues
In contrast to conventional software vulnerabilities, these issues originate from essential design flaws in TETRA, which lack message authentication and replay resistance. The particular weaknesses affect the Sepura Embedded E2EE solution, yet other versions may also be vulnerable.
A Call for Openness
The cryptographic principles of TETRA have remained undisclosed for many years, impeding independent security assessments. Announcements to publish these principles were made in 2023, signaling a departure from the “security by obscurity” tactic adopted earlier by ETSI, which standardized TETRA back in 1995.
Effects on Australian Industries
TETRA networks function in more than 100 nations, constituting the foundation for emergency communications. In Australia, mining firms have widely incorporated TETRA for remote operations over the last decade, emphasizing the urgency for swift security evaluations.
Conclusion
The recent identification of vulnerabilities in TETRA networks by Midnight Blue underscores significant security issues for encrypted communications internationally. The flaws, which involve compromised encryption algorithms, threaten essential infrastructures and necessitate immediate independent assessments.
Q&A Section
Q: What is TETRA?
A: TETRA (Terrestrial Trunked Radio) is a communication standard commonly employed by emergency services and various industry sectors for secure radio communications.
Q: What new vulnerabilities have been discovered in TETRA networks?
A: The vulnerabilities encompass weakened encryption algorithms and flaws that could permit attackers to inject harmful data, jeopardizing communication security.
Q: What is the significance of publishing TETRA algorithms?
A: Publishing the algorithms concludes a long-standing “security by obscurity” approach, allowing independent security researchers to assess and find potential weaknesses.
Q: How do these vulnerabilities impact Australian industries?
A: Mining companies in Australia, reliant on TETRA for remote operations, may face the threat of unauthorized control over crucial systems, making comprehensive security evaluations essential.
