Utilites, fire and ambulance services, military organizations, and transportation agencies around the world are at risk of compromise with five newly discovered security flaws in the Terrestrial Trunked Radio, or TETRA, standard, two of which are of critical severity, according to SecurityWeek.
Threat actors could leverage the critical vulnerabilities, tracked as CVE-2022-24401 and CVE-2022-24402, and high-severity flaws, tracked as CVE-2022-24400, CVE-2022-24403, and CVE-24404, to not only compromise private security services' radio communications but also facilitate data traffic injection activities, a MidnightBlue report noted.
"Decrypting this traffic and injecting malicious traffic allows an attacker to potentially perform dangerous actions such as opening circuit breakers in electrical substations or manipulate railway signaling messages," said MidnightBlue.
Meanwhile, Closed Door Security CEO William Wright expressed concern about the vulnerabilities, which could have already been exploited.
"Given the types of industries that rely on TETRA radio communications, this could have given adversaries access to sensitive information that could be extremely dangerous in their hands," Wright added.