OTPulse

goTenna Pro X and Pro X2 (Update A)

Plan Patch | 9.6 | ICS-CERT ICSA-24-270-04 | Sep 26, 2024
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

goTenna Pro App versions 1.6.1 and earlier contain multiple cryptographic and credential handling vulnerabilities (CWE-521, CWE-922, CWE-353, CWE-319, CWE-923, CWE-338, CWE-1390, CWE-201, CWE-204, CWE-306) that allow an attacker within radio range to intercept and decrypt communications between Pro and Pro X2 devices. The vulnerabilities stem from weak key derivation, improper encryption implementation, hardcoded credentials, and insufficient credential protection. Successful exploitation compromises the confidentiality and integrity of all transmitted messages and can expose encryption keys.

What this means
What could happen
An attacker with physical or network proximity could intercept and decrypt communications between goTenna Pro devices, compromising the confidentiality and integrity of transmitted data. This could expose sensitive operational communications, team locations, or command information sent over the mesh network.
Who's at risk
This affects any organization using goTenna Pro devices for mesh radio communications, including public safety agencies, utilities, military units, and emergency responders who rely on the devices for secure out-of-band communications during field operations or in areas without cellular coverage.
How it could be exploited
An attacker must be within radio range of the goTenna Pro devices to intercept encrypted communications. The attacker can capture transmitted packets and exploit weaknesses in key derivation, encryption implementation, or credential handling to decrypt messages and extract plaintext data or encryption keys.
Prerequisites
  • Physical or RF proximity to goTenna Pro devices (within radio range)
  • No authentication or credentials required to receive transmitted signals
  • Ability to capture and analyze radio traffic
  • Low complexity exploitation
  • No authentication required to receive signals
  • Affects confidentiality and integrity of communications
  • Physical/RF proximity required (limits but does not eliminate risk)
  • Weak key derivation and credential handling
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
goTenna Pro App: <=1.6.1 | ≤ 1.6.1 | No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Use non-descriptive callsigns and key names that do not reveal location, team composition, or operational details
  • WORKAROUND: Share encryption keys only via QR code method (not over radio or voice)
  • WORKAROUND: Reduce broadcast power to 0.5 Watts during key exchange and in unsecured areas to limit radio range and exposure
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update goTenna Pro App to v2.0.3 or greater on all Android devices
  • HOTFIX: Update goTenna Pro App to v2.0.3 or greater on all iOS devices
  • HARDENING: Rotate encryption keys regularly according to industry best practices
  • HARDENING: Implement layered encryption keys for team and individual communications
Long-term hardening
  • HARDENING: Restrict goTenna Pro device network access to secured, physically controlled areas; do not expose to internet or untrusted networks