CVE-2024-43108
📋 TL;DR
CVE-2024-43108 is a cryptographic vulnerability in the goTenna Pro ATAK Plugin where encrypted messages lack integrity checking, allowing attackers to modify encrypted content without detection. This affects users of the goTenna Pro ATAK Plugin who rely on its encrypted messaging functionality. The vulnerability stems from using AES-CTR mode without authentication.
💻 Affected Systems
- goTenna Pro ATAK Plugin
📦 What is this software?
Gotenna by Gotenna
⚠️ Risk & Real-World Impact
Worst Case
Attackers could modify mission-critical tactical communications, leading to misinformation, operational compromise, or redirection of personnel/resources in military/emergency response scenarios.
Likely Case
Message tampering leading to data integrity issues, potential manipulation of coordinates or instructions in tactical communications.
If Mitigated
Limited impact if messages are validated through external integrity checks or if the vulnerability is patched with authenticated encryption.
🎯 Exploit Status
Exploitation requires access to encrypted messages in transit and knowledge of cryptographic attacks against CTR mode without authentication. No public exploit code is known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Current release (specific version not specified in advisory)
Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05
Restart Required: Yes
Instructions:
1. Update the goTenna Pro ATAK Plugin to the latest version from the official source. 2. Restart the ATAK application. 3. Verify encryption is functioning with enhanced protocols.
🔧 Temporary Workarounds
Disable Encrypted Messaging
allTemporarily disable encrypted messaging features in the plugin until patched
Implement External Integrity Verification
allAdd application-layer integrity checks or digital signatures to messages
🧯 If You Can't Patch
- Limit use of encrypted messaging to non-critical communications only
- Implement network segmentation to restrict access to goTenna mesh networks
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in ATAK settings. If using any version prior to the current release with enhanced encryption protocols, the system is vulnerable.Check Version:
In ATAK: Settings → Plugin Manager → goTenna Pro → Version InfoVerify Fix Applied:
Verify the plugin has been updated to the latest version and confirm encrypted messaging uses authenticated encryption (AES-GCM or similar) instead of plain AES-CTR.📡 Detection & Monitoring
Log Indicators:
- Unusual message corruption errors
- Failed integrity checks on received messages
- Unexpected message format changes
Network Indicators:
- Unusual patterns in encrypted message traffic
- Repeated transmission of similar encrypted packets
SIEM Query:
Search for: 'goTenna plugin error' OR 'message integrity failure' OR 'encryption protocol mismatch'