For over 25 years, a technology utilized for vital data and voice radio communications globally has remained under wraps, preventing in-depth testing for potential vulnerabilities. However, a small group of researchers in the Netherlands has now shed light on it, uncovering significant flaws, including a deliberate backdoor.
The backdoor, which was known by vendors selling the technology but not necessarily by customers, exists in an encryption algorithm embedded in radios used for commercial purposes in critical infrastructure.
These radios are used for transmitting encrypted data and commands in various sectors such as pipelines, railways, the electric grid, mass transit, and freight trains.
This backdoor could potentially allow unauthorized access to communications, providing insights into system operations, and enabling the sending of commands that could lead to blackouts, disruption of gas pipeline flows, or rerouting of trains.
Researchers have discovered a second vulnerability in a different part of the same radio technology used in specialized systems exclusively sold to police forces, prison personnel, military, intelligence agencies, and emergency services. This includes the C2000 communication system utilized by Dutch police, fire brigades, ambulance services, and the Ministry of Defense for vital voice and data communications.
Exploiting this flaw would allow unauthorized decryption of encrypted voice and data communications, enabling the spread of misinformation or manipulation of personnel and forces during critical situations. Full details at WIRED.
What else is out there that we do not know of, one wonders...