Massive Security Flaws Found in TETRA Encryption: Critical Risks for Police, Military, and Infrastructure

Introduction

A new wave of security research has exposed severe flaws in Terrestrial Trunked Radio (TETRA), the communication standard used worldwide by police forces, military units, transport networks, utility providers and other critical-infrastructure operators. Researchers have uncovered a series of high-risk vulnerabilities in its end-to-end encryption (E2EE) scheme and in the underlying protocol, potentially enabling attackers to replay communications, inject fake messages, brute-force encryption keys and decrypt sensitive traffic.

Presented at the Black Hat USA 2025 security conference by the cybersecurity firm Midnight Blue, these findings have set off alarms across global security sectors. The flaws, collectively named 2TETRA:2BURST, point to systemic weaknesses in a protocol many believed to be secure, and raise urgent questions about the resilience of mission-critical communication systems.

the Original

TETRA, a European mobile radio standard developed by the European Telecommunications Standards Institute (ETSI), is deployed extensively by law enforcement, armed forces and essential service providers. Over the air it protects traffic with a family of air-interface encryption algorithms, TEA1 to TEA4, and an optional end-to-end encryption layer can be applied on top for the most sensitive users. The new research shows that protections at both layers can be bypassed in alarming ways.

The vulnerabilities, labeled CVE-2025-52940 through CVE-2025-52944, include:

Replay Attacks (CVE-2025-52940): the E2EE voice stream carries no replay protection, so an attacker can resend intercepted voice or inject a stream of their own without detection, whatever key is in use.
Weakened AES-128 (CVE-2025-52941): one E2EE variant reduces the effective key entropy from 128 to 56 bits, bringing brute-force key recovery within reach of modest hardware.
No Replay Protection in SDS Messages (CVE-2025-52942): short data service messages, whether text for a human or a command for a machine, can be captured and re-sent at will.
Multi-Cipher Key Recovery (CVE-2025-52943): networks that run several air-interface algorithms with shared key material let an attacker recover the key through the weak TEA1 path and then decrypt traffic protected by the stronger algorithms.
Lack of Message Authentication (CVE-2025-52944): the protocol does not authenticate messages, so arbitrary voice or data can be injected into a network.
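
The two key-strength items above, the 56-bit effective entropy and the key shared across algorithms, reduce to one principle: a key is only as strong as the number of distinct values it can actually take, wherever that key is then used. The Python script below is an added illustration, not code from Midnight Blue, from the report's sources or from any TETRA implementation. It uses a constructed stand-in cipher (SHA-256 in counter mode, with a label standing in for the choice of algorithm) and a key derivation that exposes only 16 bits of entropy so the exhaustive search finishes in well under a second; the real TETRA key schedule and the mechanism of the 56-bit reduction are not reproduced. An attacker who sees one predictable message under algorithm A recovers the key by exhaustive search and then reads a message sent under algorithm B with the same key.

```python
import hashlib

# Toy parameter. The report puts the weakened E2EE variant at 56 bits of
# effective entropy; 16 bits is used here so the search runs in a fraction of a
# second in pure Python. The principle is identical, only the cost differs.
SEED_BITS = 16


def derive_key(seed: int) -> bytes:
    """Expand a short secret into a 128-bit key.

    Every one of the 128 output bits looks random, but only 2**SEED_BITS
    distinct keys can ever come out of this function, so its entropy is
    SEED_BITS, not 128. Constructed stand-in for a key schedule; the real
    TETRA derivation is not modelled here.
    """
    if not 0 <= seed < (1 << SEED_BITS):
        raise ValueError("seed outside the modelled key space")
    return hashlib.sha256(b"toy-kdf" + seed.to_bytes(8, "big")).digest()[:16]


def keystream_xor(key: bytes, algorithm: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: SHA-256 in counter mode, keyed with `key`.

    `algorithm` is a label so that two different 'algorithms' keyed with the
    same key produce unrelated keystreams, as two distinct ciphers would.
    Encryption and decryption are the same XOR operation.
    """
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + algorithm + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def recover_seed(known_plaintext: bytes, ciphertext: bytes, algorithm: bytes) -> int:
    """Exhaustive search over the real key space: 2**SEED_BITS candidates.

    One known plaintext/ciphertext pair is enough; a 9-byte match (72 bits)
    rules out false positives among 2**16 candidates in practice.
    """
    for seed in range(1 << SEED_BITS):
        if keystream_xor(derive_key(seed), algorithm, known_plaintext) == ciphertext:
            return seed
    raise ValueError("no seed matched; the pair is inconsistent with this cipher")


def attack_demo(secret_seed: int) -> bytes:
    """Sniff two messages, break the key on the predictable one, read the other."""
    key = derive_key(secret_seed)
    # Constructed sample traffic. The first message has guessable content (a
    # status word sent under algorithm A); the second, under algorithm B, is the
    # one the attacker actually wants.
    status_ct = keystream_xor(key, b"ALG-A", b"STATUS:OK")
    target_ct = keystream_xor(key, b"ALG-B", b"PATROL 7 MOVE TO SECTOR 4")
    recovered = recover_seed(b"STATUS:OK", status_ct, b"ALG-A")
    # Same key material, different algorithm: the recovered key opens it too.
    return keystream_xor(derive_key(recovered), b"ALG-B", target_ct)


if __name__ == "__main__":
    print(attack_demo(0xBEEF).decode())
    print(f"modelled key space: 2**{SEED_BITS} = {1 << SEED_BITS} keys; "
          f"at 56 bits it is {1 << 56} keys")
```

At 16 bits the search is instant; at 56 bits it is about 7.2 x 10^16 candidates, a workload that purpose-built hardware has handled since the DES crackers of the late 1990s. The question to ask of any "AES-128" deployment is therefore not the key length but how many distinct keys the derivation can produce, and whether any other algorithm on the network consumes the same key.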

In addition, the fix ETSI issued for CVE-2022-24401, the keystream recovery flaw disclosed in the 2023 TETRA:BURST research, has been found ineffective: keystream recovery attacks remain possible. Midnight Blue warns that TETRA networks carrying data, rather than voice alone, are especially exposed, because malicious traffic can be injected even into encrypted systems.

Beyond the protocol vulnerabilities, the researchers reported three flaws in Sepura SC20 series radios:

CVE-2025-52945: insufficient restrictions on file management on the device.
CVE-2025-8458: weak keys protecting the SD card encryption.
MBPH-2025-003: a flaw that cannot be fixed in the field and allows exfiltration of nearly all key material held by the radio.

Patches for some issues are expected in late 2025, while others remain unpatched, leaving systems exposed in the meantime. Recommended mitigations include migrating to an E2EE variant with full-strength keys, disabling TEA1 support on the network, rotating keys, and, for data traffic, adding an independent layer of encryption and authentication such as TLS or a VPN above the radio link.

ETSI has distanced itself from the flawed E2EE, stating that it was designed not by ETSI but by a separate industry group, the TCCA's Security and Fraud Prevention Group. Whoever owns the design, the breadth of deployment means that thousands of critical communication channels could already be at risk.

What Undercode Say:

From a security analyst's perspective, the 2TETRA:2BURST disclosure is one of the most significant events in radio communication security in recent years. TETRA has been a backbone of secure operations for decades, yet these findings show that its encryption ecosystem contains structural weaknesses: not accidental bugs alone, but in some cases deliberately weakened cryptography.

The fact that one vulnerability reduces effective key entropy from 128 bits to 56 bits is alarming. A 56-bit search is the same order of work that broke DES in the late 1990s; this is not a small oversight but a deliberate downgrade that puts the traffic within reach of a brute-force attack on commodity hardware. In practical terms, an attacker who records encrypted traffic can recover the key, and with it sensitive police or military chatter, far faster than the system's users had been led to believe.

Replay attacks, as enabled by CVE-2025-52940, pose both operational and psychological risks. Because nothing binds a voice transmission to a time or sequence, an attacker can re-transmit a recorded message at a moment of their choosing. Imagine earlier or fabricated orders injected into a police channel during a crisis: confusion, delayed responses and potentially dangerous mistakes could follow.

The lack of message authentication (CVE-2025-52944) is equally critical. Without it, a receiver has no way to tell whether a frame came from a legitimate radio or from an attacker's transmitter, and encryption alone does not help: a message can be replayed or injected whether or not its payload is readable to the attacker. This flaw turns supposedly closed networks into open gates for a capable adversary.
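
To make the replay and authentication points concrete, here is an added Python example, not code from the page's sources or from any TETRA product. It models a short data message as a constructed frame (2-byte sender id, 4-byte sequence number, payload; this is not the real SDS PDU layout) and compares two receivers. The naive receiver, standing in for a link with no message authentication or replay protection, accepts a captured frame re-sent by the attacker and a forged frame alike. The hardened receiver expects an HMAC-SHA256 tag over the whole frame and keeps a per-sender high-water mark on the sequence number, so replays, forgeries and tampered frames are all dropped. The key, sender id and messages are constructed sample data.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HI")   # constructed layout: 2-byte sender id, 4-byte sequence
TAG_LEN = 16                    # truncated HMAC-SHA256 tag, 128 bits


def pack(sender: int, seq: int, payload: bytes) -> bytes:
    """Build a frame in this demo's constructed layout (not the TETRA SDS PDU)."""
    return HEADER.pack(sender, seq) + payload


def unpack(frame: bytes):
    sender, seq = HEADER.unpack_from(frame)
    return sender, seq, frame[HEADER.size:]


def sign(key: bytes, frame: bytes) -> bytes:
    """Append a tag computed over header and payload together, so neither can change."""
    return frame + hmac.new(key, frame, hashlib.sha256).digest()[:TAG_LEN]


class NaiveReceiver:
    """No origin check and no freshness check: any well-formed frame is delivered."""

    def __init__(self):
        self.delivered = []

    def receive(self, frame: bytes) -> bool:
        if len(frame) < HEADER.size:
            return False
        sender, _seq, payload = unpack(frame)
        self.delivered.append((sender, payload))
        return True


class AuthenticatedReceiver:
    """Verify the tag first, then require a strictly increasing sequence per sender."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}          # sender -> highest sequence number accepted so far
        self.delivered = []

    def receive(self, frame: bytes) -> bool:
        if len(frame) < HEADER.size + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                    # forged, tampered, or wrong key
        sender, seq, payload = unpack(body)
        if seq <= self.last_seq.get(sender, -1):
            return False                    # replayed (or out-of-order) frame
        self.last_seq[sender] = seq
        self.delivered.append((sender, payload))
        return True


def demo() -> dict:
    """Run the same attacker moves against both receivers and report who accepted what."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed sample key
    dispatcher = 0x0101
    legit = pack(dispatcher, 1, b"UNIT 12: HOLD POSITION")    # captured by the attacker
    forged = pack(dispatcher, 2, b"UNIT 12: WITHDRAW NOW")     # authored by the attacker
    signed_legit = sign(key, legit)
    tampered = bytearray(signed_legit)
    tampered[HEADER.size] ^= 0x01          # flip one payload bit but keep the old tag

    naive = NaiveReceiver()
    auth = AuthenticatedReceiver(key)
    return {
        "naive_accepts_original": naive.receive(legit),
        "naive_accepts_replay": naive.receive(legit),
        "naive_accepts_forgery": naive.receive(forged),
        "auth_accepts_original": auth.receive(signed_legit),
        "auth_accepts_replay": auth.receive(signed_legit),
        "auth_accepts_forgery": auth.receive(sign(b"\x00" * 16, forged)),  # attacker's own key
        "auth_accepts_tampered": auth.receive(bytes(tampered)),
        "auth_accepts_next": auth.receive(sign(key, pack(dispatcher, 2, b"UNIT 12: PROCEED"))),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:24s} {'ACCEPTED' if accepted else 'rejected'}")
```

Two caveats a deployment would need to address: a strictly increasing counter also drops frames that arrive legitimately out of order, so real receivers use a sliding window, and the high-water mark must survive a power cycle, otherwise every reboot reopens the door to old captures. Adding TLS or a VPN above the radio link, as the mitigations above suggest for data traffic, is this same idea applied with a mature protocol: an independent layer that authenticates every message and rejects stale ones.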

The Sepura SC20 vulnerabilities add another layer of risk. Because MBPH-2025-003 cannot be fixed in software, even fully patched devices of this series remain exposed to key extraction, and since some TETRA keys are shared across many radios, a single stolen or briefly borrowed handset can expose far more than its own traffic. This creates a ticking time bomb for agencies that rely on these radios for mission-critical operations.

Strategically, the biggest takeaway is that TETRA security depends heavily on proper configuration and on the removal of outdated cipher support. Agencies that keep TEA1 enabled, even alongside stronger algorithms that share its key material, are effectively handing attackers a skeleton key to their networks.

Given the global spread of TETRA, these vulnerabilities are not confined to one region or country. Critical infrastructure, emergency response units, and national defense networks worldwide may all be susceptible. This is not just a technical issue — it’s a geopolitical security concern.

The longer organizations delay in applying mitigations, the greater the risk of targeted exploitation. While there’s no evidence these flaws have been used in real-world attacks yet, the public disclosure increases the likelihood that threat actors — state-sponsored or otherwise — will start exploring them.

In essence, TETRA is no longer as secure as its reputation suggests. Agencies relying on it must treat this as an urgent call to action, not just a technical advisory.

✅ Fact Checker Results

The vulnerabilities were presented live at Black Hat USA 2025 and have been reported by multiple independent cybersecurity outlets.
There is no public evidence of active exploitation, but the researchers have demonstrated working proof-of-concept attacks.
Some flaws can be mitigated, but others — particularly MBPH-2025-003 — are unfixable without hardware replacement.

🔮 Prediction

Given the severity of the weaknesses and the slow rollout of patches, it’s highly likely that TETRA-related cyber incidents will emerge in the next 12–18 months. We may see state-sponsored actors targeting these flaws for espionage, especially against critical infrastructure and government agencies. Without aggressive upgrades and mitigations, the next major publicized security breach could involve compromised TETRA communications.


References:

Reported By: thehackernews.com