Dutch researchers have found vulnerabilities in TETRA — a radio technology used across the world to control critical infrastructure such as power grids, gas pipelines, and trains.
The researchers, Job Wetzels, Carlo Meijer, and Wouter Bokslag of cybersecurity firm Midnight Blue, found a deliberate backdoor in the encryption algorithm of these radios — made by Motorola, Damm, Hytera, and others — that was “easy” to hack.
“The results of this research are serious,” said Jacobs, who is also a professor of computer security at Radboud University Nijmegen. “It is serious for the government, but also for business. It concerns vital infrastructure whose functioning can be affected by serious attacks.”
According to researchers, attackers could hack the network to send malicious commands that would disrupt critical infrastructure. They could also listen in on emergency services. “These are all realistic scenarios,” said Wetzels.
Worryingly, critical infrastructure from all over the world is controlled using TETRA.
In the Netherlands, the port of Rotterdam, several public transport companies, and most airports use the system. C2000, the communication system of the police, fire brigade, ambulance services, and parts of the Ministry of Defence, is also based on TETRA.
Many critical infrastructure authorities in Germany, France, Spain, and other European countries rely on the network, and so do several equivalent entities in the USA, according to a WIRED investigation. TETRA is estimated to be in use in 120 countries.
And you don’t even have to be an expert hacker to tap the network. According to Midnight Blue, you could crack the system in a minute using simple hardware such as a radio and dongle. Once cracked, hackers could send malicious commands to critical infrastructure undetected.
The researchers first uncovered the vulnerabilities in 2021 and immediately reported them to the Dutch National Cyber Security Centre. Over the last two years, the NCSC has been hard at work informing the governments of various countries about the dangerous loopholes.
The Midnight Blue team also took it upon themselves to notify as many manufacturers and users of the technology as possible. Assumably, the researchers and the authorities only now deemed it safe enough to make the information public.
Going forward, Midnight Blue warns that anyone using radio technologies should check with their manufacturer to determine if their devices are using TETRA and what fixes or mitigations are available.
Aside from their day jobs, Wetzels, Meijer, and Bokslag are so-called ethical hackers. Meijer previously cracked the technology behind the OV-chipcard, the Dutch transport card, and Bokslag hacked the wireless car keys of Peugeot, Opel, and Fiat. Both did so to make the technology more secure.
Despite their best efforts to raise awareness of the TETRA backdoor vulnerabilities, the researchers say that many critical infrastructure companies are nonresponsive, and for all we know, could still be at risk.