Three Dutch security analysts discovered five vulnerabilities in a police radio standard called Terrestrial Trunked Radio (TETRA) developed by the European Telecommunications Standard Institute (ETSI). This standard has been used since the 1990s and is used globally by law enforcement, militaries, critical infrastructures, and industrial control systems (ICS).
These newly discovered TETRA vulnerabilities allow for real-time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning. Some vendors have deployed software patches to protect against these vulnerabilities. It is unknown how many vendors are using the TETRA standard for US emergency communications. It is encouraged for ECCs to contact their vendors to determine impacts and if mitigations are in place.
To read more about these vulnerabilities, please visit: https://www.wired.com/story/tetra-radio-encryption-backdoor/
