Black Hat 2023

All Cops Are Broadcasting: Breaking TETRA After Decades in the Shadows

Black Hat (37:07)

This research demonstrates multiple critical vulnerabilities in the TETRA (Terrestrial Trunked Radio) standard, including a backdoor in the TEA1 encryption algorithm and flaws in the authentication and identity-anonymization mechanisms. The researchers reverse-engineered proprietary cryptographic primitives from off-the-shelf Motorola MTM5400 radios to perform cryptanalysis and develop practical exploitation techniques. The findings reveal that these vulnerabilities allow real-time decryption of voice and data traffic, posing significant risks to police, military, and critical infrastructure networks globally. The talk includes a live demonstration of decrypting intercepted TETRA traffic using a custom-built attack platform.

Breaking TETRA: How Decades of Security Through Obscurity Failed Police Radio

TLDR: Researchers from Midnight Blue have exposed critical vulnerabilities in the TETRA radio standard, which is used globally by police, military, and critical infrastructure. By reverse-engineering proprietary cryptographic primitives from Motorola MTM5400 radios, the team demonstrated real-time decryption of voice and data traffic. These findings highlight the catastrophic failure of security through obscurity and demand immediate attention from organizations relying on legacy radio infrastructure.

Security through obscurity is a death sentence for any protocol, yet it remains the bedrock of the Terrestrial Trunked Radio (TETRA) standard. For over two decades, this global radio technology has been shielded by proprietary, secret cryptography, under the assumption that if the algorithms are hidden, they are safe. Midnight Blue’s recent research at Black Hat 2023 proves exactly how dangerous that assumption is. By reverse-engineering the hardware of a common Motorola MTM5400 radio, the researchers bypassed the "secret" protections and exposed five distinct vulnerabilities, including a hardcoded backdoor in the TEA1 algorithm.

The Anatomy of the Failure

The research centers on the realization that TETRA’s security relies on the TEA (TETRA Encryption Algorithm) suite. These algorithms are not public, and access to them is restricted under strict non-disclosure agreements. The researchers treated the radio as a black box, using a format string vulnerability to gain code execution on the application processor of the OMAP-L138 SoC. From there, they pivoted to the DSP, where the actual cryptographic operations occur.

The most damning finding is the CVE-2022-24402 backdoor in the TEA1 algorithm. The algorithm performs a "secret reduction step" that compresses an 80-bit key into a 32-bit register. This reduction makes the effective key space trivial to brute-force. In their demonstration, the team used a 1998-era Toshiba Satellite laptop to recover the key in roughly 12 hours. On modern hardware, this attack is a matter of minutes.

Exploiting the Protocol

Beyond the backdoor, the researchers identified flaws in the authentication and identity-anonymization mechanisms. CVE-2022-24401 allows an attacker to recover the keystream by manipulating the radio's perception of network time. Because the network broadcasts synchronization information in an unauthenticated, unencrypted manner, an attacker can impersonate the infrastructure and force the radio to use a known keystream.

The attack flow is straightforward for anyone familiar with Software Defined Radio (SDR) workflows:

  1. Capture encrypted traffic at a specific time t.
  2. Overpower the legitimate base station signal.
  3. Force the target radio to use a specific, attacker-controlled keystream.
  4. Observe the radio's response (ACK/NACK) to determine if the keystream guess was correct.
  5. Repeat until the full keystream is recovered.

This is a classic Adversary-in-the-Middle (AitM) scenario. By manipulating the MAC layer fragmentation, the attacker can distribute the keystream recovery across multiple slots, effectively decrypting voice and data in real-time.
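An added defensive illustration, not code from the talk or from Midnight Blue: a passive monitor that flags sync broadcasts showing the conditions the time-manipulation attack depends on (advertised network time disagreeing with the receiver's own clock, a sudden signal-strength jump as something overpowers the real base station, and a reused time value that would mean keystream reuse). The observation log format and the thresholds are assumptions for this example, not a real TETRA capture format.

```python
import re
from dataclasses import dataclass

# Constructed sample as a passive monitoring receiver might log sync broadcasts.
# Assumed format (not a real TETRA log): <receiver_clock_s> time=<network_time_s> rssi=<dBm>
SAMPLE_LOG = """\
100 time=500000 rssi=-85
101 time=500001 rssi=-85
102 time=500002 rssi=-86
103 time=400000 rssi=-60
104 time=400001 rssi=-60
105 time=400000 rssi=-61
106 time=500006 rssi=-85
"""

LINE_RE = re.compile(r"^(\d+)\s+time=(\d+)\s+rssi=(-?\d+)$")

@dataclass
class SyncObs:
    captured: int   # monitoring receiver's own clock, seconds
    net_time: int   # network time advertised in the sync broadcast, seconds
    rssi: int       # received signal strength, dBm

def parse_log(text):
    obs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped rather than crashing the monitor
            obs.append(SyncObs(*map(int, m.groups())))
    return obs

def detect_sync_anomalies(obs, drift_tolerance=2, rssi_jump_db=15):
    """Return (receiver_clock, reasons) for broadcasts whose advertised time drifts
    from the receiver's clock, arrive with a sudden RSSI jump, or repeat a time value."""
    findings = []
    seen_times = {obs[0].net_time} if obs else set()
    for prev, cur in zip(obs, obs[1:]):
        reasons = []
        expected = prev.net_time + (cur.captured - prev.captured)
        if abs(cur.net_time - expected) > drift_tolerance:
            reasons.append("time_jump")
        if cur.rssi - prev.rssi > rssi_jump_db:
            reasons.append("signal_jump")
        if cur.net_time in seen_times:
            reasons.append("time_reuse")
        seen_times.add(cur.net_time)
        if reasons:
            findings.append((cur.captured, reasons))
    return findings
```

Calling `detect_sync_anomalies(parse_log(SAMPLE_LOG))` on the constructed log flags the strong rogue broadcast at 103, the repeated time value at 105, and the jump back to the legitimate timeline at 106.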

Real-World Impact and Defensive Reality

For a pentester, this research changes the threat model for any engagement involving critical infrastructure. If you are testing a facility that uses TETRA for internal communications, you are no longer looking at a "secure" channel. You are looking at a clear-text stream waiting to be intercepted. The impact is not just data leakage; it is the ability to track the movement of security personnel, intercept sensitive operational commands, and potentially inject malicious traffic into SCADA systems that rely on TETRA for wide-area networking.

Defenders are in a difficult position. The primary mitigation is a firmware update to move to more secure algorithms like TEA2 or TEA3, but this requires a massive, coordinated effort across an entire fleet of radios and base stations. Furthermore, the de-anonymization vulnerability (CVE-2022-24403) is baked into the protocol itself, meaning there is no simple patch. Organizations must plan around these cryptographic failures by implementing end-to-end encryption at the application layer, rather than relying on the underlying radio transport to provide confidentiality.

Moving Beyond Secret Crypto

The arrogance of the TETRA standard body, which claimed that "obscurity is a way of maintaining security," has been thoroughly dismantled. When you build a system on the premise that your adversary cannot read your documentation, you aren't building a secure system; you are building a house of cards. The fact that these vulnerabilities remained unaddressed for decades is a testament to the dangers of closed-source, proprietary security standards.

If you are currently working with TETRA networks, stop assuming the air interface is secure. Start auditing your deployments for the use of TEA1 and push for the adoption of end-to-end encryption that does not rely on the radio manufacturer's proprietary "black box" algorithms. The era of secret radio security is over, and it is time to treat these networks with the same skepticism we apply to any other legacy, unauthenticated protocol. Investigate your local network configurations, look for the use of unauthenticated sync frames, and prepare your clients for the reality that their radio traffic is effectively public.

Talk type: research presentation
Difficulty: expert
Tags: Has Demo, Has Code, Tool Released
Conference: Black Hat USA 2023 (118 talks)