Cybersecurity researchers from Midnight Blue have uncovered new vulnerabilities in the TETRA radio protocol, including weaknesses in its end-to-end encryption (E2EE) that allow for replay attacks, brute-force decryption, and message injection. These flaws, dubbed 2TETRA:2BURST, were revealed at the Black Hat USA conference by Carlo Meijer, Wouter Bokslag, and Jos Wetzels.
TETRA is a European mobile radio standard used by law enforcement, military, and critical infrastructure. It includes four encryption algorithms: TEA1 through TEA4. The new findings follow earlier disclosures in 2022, known as TETRA:BURST, which exposed an intentional backdoor and other serious flaws.
Among the newly identified issues:
- CVE-2025-52940: Replay and voice injection attacks.
- CVE-2025-52941: Weakened AES-128 encryption with reduced key strength.
- CVE-2025-52942: No replay protection for encrypted messages.
- CVE-2025-52943: Key recovery risk in multi-algorithm networks.
- CVE-2025-52944: Lack of message authentication allows arbitrary data injection.
Midnight Blue warns that networks using TETRA for data transmission are especially vulnerable. Attackers could intercept or inject malicious traffic, even on encrypted systems. While no active exploitation has been reported, most flaws remain unpatched. Only one fix is expected soon for MBPH-2025-001.
Recommended mitigations include migrating to secure E2EE solutions, disabling weak encryption variants, rotating keys, and adding TLS or VPN layers for data protection.
Additionally, three flaws were found in Sepura SC20 radios:
- CVE-2025-52945: Poor file management controls.
- CVE-2025-8458: Weak SD card encryption.
- MBPH-2025-003: Unpatchable key exfiltration risk.
These allow attackers with brief physical access to execute code, extract encryption keys, or implant persistent backdoors, compromising the integrity of TETRA communications.
ETSI clarified that the E2EE mechanism in question is not part of its official standard and was developed by TCCA’s security group. Buyers are free to use alternative encryption solutions.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
