Essential infrastructure radio know-how might be “simply hacked” by means of intentional backdoor

Dutch researchers have found vulnerabilities in TETRA – a radio technology used worldwide to control critical infrastructure such as power grids, gas pipelines and trains.

Researchers, Job Wetzels, Carlo Meijer, and Wouter Bokslag of cybersecurity firm Midnight Blue found a deliberate backdoor in the encryption algorithm of these radios — made by Motorola, Damm, Hytera, and others — that was “easily” hacked.

“The results of this research are serious,” he said Jacobs, who is also Professor of Computer Security at Radboud University Nijmegen. “It is serious for the government, but also for the economy. It is vital infrastructure whose functionality can be compromised by heavy attacks.”

According to researchers, attackers could hack the network to send malicious commands that would disrupt critical infrastructure. They could also bug the emergency services. “These are all realistic scenarios,” said Wetzels.

Worryingly, critical infrastructure around the world is controlled via TETRA.

In the Netherlands, the port of Rotterdam, several public transport companies and most airports use the system. C2000, the communication system used by the police, fire brigade, rescue services and parts of the Ministry of Defense, is also based on TETRA.

Many critical infrastructure agencies in Germany, France, Spain and other European countries rely on the network, as do several equivalent entities in the US, according to a WIRED Investigation. It is estimated that TETRA is used in 120 countries.

And you don’t even have to be an experienced hacker to access the network. According to Midnight Blue, the system could be cracked in a minute with simple hardware like a radio and a dongle. Once cracked, hackers could send malicious commands to critical infrastructure undetected.

The researchers first discovered the vulnerabilities in 2021 and immediately reported them to the Dutch National Center for Cybersecurity. For the past two years, the NCSC has been working hard to inform the governments of various countries about the dangerous loopholes.

The Midnight Blue team has also set itself the task of informing as many manufacturers and users as possible about the technology. The researchers and authorities probably only now considered it safe enough to publish the information.

Going forward, Midnight Blue warns that anyone using radio technologies should check with their manufacturer whether their equipment uses TETRA and what fixes or workarounds are available.

Aside from their day jobs, Wetzels, Meijer and Bokslag are what are known as ethical hackers. Meijer has previously cracked the technology behind the OV chip card, the Dutch transport card, and Bokslag has hacked Peugeot, Opel and Fiat’s wireless car keys. Both did this to make the technology more secure.

Despite efforts to raise awareness of the TETRA backdoor vulnerabilities, the researchers say many critical infrastructure companies are unresponsive and, for all we know, could still be at risk.