Multiple TETRA Radio Encryption Vulnerabilities Disclosed

1 unique source, 1 article

Summary

New vulnerabilities in the Terrestrial Trunked Radio (TETRA) communications protocol were disclosed, affecting its end-to-end encryption (E2EE) mechanism. These flaws, collectively named 2TETRA:2BURST, enable replay and brute-force attacks, potentially allowing attackers to decrypt and inject traffic into TETRA networks. The vulnerabilities impact law enforcement, military, transportation, utilities, and critical infrastructure operators using TETRA. The issues were presented at the Black Hat USA 2025 conference by Midnight Blue researchers. The vulnerabilities include packet injection, insufficient fixes for previous flaws, and weaknesses in encryption algorithms that reduce effective key entropy. The impact varies based on the use-case and configuration of each TETRA network. Networks using TETRA for data transmission are particularly susceptible to packet injection attacks, which could allow attackers to intercept and inject malicious data traffic.

Timeline

  1. 11.08.2025 19:32 · 1 article

    Multiple TETRA Radio Encryption Vulnerabilities Disclosed

    New vulnerabilities in the TETRA communications protocol were disclosed, affecting its end-to-end encryption (E2EE) mechanism. These flaws, collectively named 2TETRA:2BURST, enable replay and brute-force attacks, potentially allowing attackers to decrypt and inject traffic into TETRA networks. The vulnerabilities include packet injection, insufficient fixes for previous flaws, and weaknesses in encryption algorithms that reduce effective key entropy. The impact varies based on the use-case and configuration of each TETRA network. Networks using TETRA for data transmission are particularly susceptible to packet injection attacks, which could allow attackers to intercept and inject malicious data traffic.

Similar Happenings

Russian FSB-linked Hackers Exploit Cisco Smart Install Vulnerability for Cyber Espionage

Static Tundra, a Russian state-sponsored cyber espionage group linked to the FSB's Center 16 unit, has been actively exploiting a seven-year-old vulnerability in Cisco IOS and IOS XE software (CVE-2018-0171) to gain persistent access to target networks. The group has been targeting organizations in telecommunications, higher education, manufacturing, and critical infrastructure sectors across multiple continents. The attacks involve collecting configuration files, deploying custom tools like SYNful Knock, and modifying TACACS+ configurations to achieve long-term access and information gathering. The FBI and Cisco Talos have issued advisories warning about the ongoing campaign, which has been active for over a year and has targeted critical infrastructure sectors in the US and abroad. The group has also increased attacks on Ukraine since the start of the war. The vulnerability allows unauthenticated, remote attackers to execute arbitrary code or trigger DoS conditions. Cisco has advised customers to apply the patch for CVE-2018-0171 or disable Smart Install to mitigate the risk. The group has also targeted networks of US state, local, territorial, and tribal (SLTT) government organizations and aviation entities over the last decade. The threat extends beyond Russia's operations—other state-sponsored actors are likely conducting similar network device compromise campaigns.