Police and Military Radio Encryption Vulnerable to Cracking
▼ Summary
– Researchers found a backdoor in a global encryption algorithm used in critical infrastructure radios, making communications vulnerable to eavesdropping.
– ETSI advised using end-to-end encryption to mitigate the flaw, but researchers later discovered vulnerabilities in one such implementation.
– The flawed end-to-end encryption compresses a 128-bit key to 56 bits, weakening security, though its exact usage remains unclear.
– This encryption is mainly used by law enforcement, military, and intelligence agencies but may now be more widely adopted.
– The vulnerabilities were hidden for decades due to ETSI’s refusal to allow scrutiny of its proprietary TETRA radio standard algorithms.
Security vulnerabilities in encrypted radio communications used by law enforcement and military personnel have resurfaced, raising concerns about the integrity of supposedly secure systems. A team of Dutch researchers recently uncovered weaknesses in an end-to-end encryption solution recommended as a fix for earlier flaws, potentially exposing sensitive transmissions to interception.
The issue traces back to 2023 when the same researchers first identified deliberate backdoors in a widely used encryption standard developed by the European Telecommunications Standards Institute (ETSI). This standard, embedded in radios deployed across critical infrastructure, police departments, and military operations globally, was found to contain intentional vulnerabilities allowing unauthorized access to encrypted communications. ETSI responded by advising users to implement additional end-to-end encryption layers for enhanced protection.
However, fresh analysis reveals that at least one version of this recommended security upgrade suffers from similar weaknesses. The problematic implementation reduces cryptographic strength by compressing 128-bit encryption keys down to just 56 bits before transmission, a design choice that significantly lowers the computational effort needed to break the encryption. While the exact scope of affected systems remains unclear, the vulnerability likely impacts specialized equipment used by intelligence agencies, special forces, and other high-security operations.
The encryption standard in question forms part of the TETRA (Terrestrial Trunked Radio) protocol, a decades-old European framework integrated into hardware from major manufacturers like Motorola and Sepura. Originally kept secret by ETSI, the proprietary algorithms only came under scrutiny when researchers from Netherlands-based firm Midnight Blue exposed their flaws. Their latest findings suggest that even supplemental security measures may not provide adequate protection against determined adversaries.
These revelations highlight ongoing challenges in securing communications for sensitive operations. With encryption standards often developed behind closed doors and vulnerabilities remaining undetected for years, the incident underscores the need for transparent cryptographic design and rigorous independent testing, particularly for systems trusted by organizations handling national security matters.
(Source: Ars Technica)
