Security Risks in Radio Communications: Breaking Down the Vulnerabilities

Researchers in the Netherlands uncovered a major vulnerability in the encryption algorithms used in radios for critical sectors, including police, intelligence agencies, and military forces globally. This backdoor made communications susceptible to interception.

By 2023, the European Telecommunications Standards Institute (ETSI), responsible for these algorithms, advised that those relying on this system for sensitive communication adopt additional end-to-end encryption solutions to enhance security.

However, further investigation revealed that the alternative encryption solution endorsed by ETSI carries a comparable risk, rendering communications equally vulnerable. A device tested showed that its encryption algorithm, though starting with a 128-bit key, was reduced to 56 bits, making it vulnerable to decryption attacks.

This end-to-end encryption solution is mainly deployed by law enforcement and specialized military units where high-security measures are critical. The endorsement of these solutions by ETSI has led to potentially broad usage beyond initial assumptions.

In a recent examination, vulnerabilities related to a European radio standard known as TETRA (Terrestrial Trunked Radio) were detailed. This standard is woven into systems produced by prominent manufacturers and has been integral since the 1990s.

The recent findings about the encryption implementation came to light after rigorous examination of Sepura radios, revealing potential national security risks. The revelations will be presented at the prestigious BlackHat security conference, highlighting the urgency of addressing these security flaws.

ETSI clarified that the end-to-end encryption tied to TETRA does not fall within its standards but was developed by the Critical Communications Association (TCCA). Although ETSI and TCCA collaborate closely, the responsibility of the end-to-end encryption lies elsewhere.

The use of TETRA-based radios is widespread amongst global police forces, noted in Belgium, Scandinavian countries, and parts of Eastern Europe and the Middle East. The longevity of these vulnerabilities in such broad usage underscores the pressing need for a reassessment of radio encryption standards.

The investigation showcased the alarming reduction of encryption key lengths within available algorithms to meet various export control regulations, affecting security levels across different regions. Such adjustments inadvertently weaken the encryption, exposing communications to potential compromises.

There's an ongoing debate on whether users are informed about these reduced-key vulnerabilities in their radio devices, with discrepancies in disclosure practices by manufacturers. This lack of transparency raises critical questions about the accountability of security standards in government communications.