Critical Encryption Issues Found in Police and Military Radios
In a breakthrough revelation, researchers from the Netherlands unveiled vulnerabilities in an encryption algorithm embedded in radios used globally by vital infrastructure sectors, including police, intelligence agencies, and military forces. This design flaw, discovered just two years ago, left these communications susceptible to eavesdropping attacks.
Following the public disclosure of these vulnerabilities in 2023, the European Telecommunications Standards Institute (ETSI), responsible for developing the algorithm, recommended that users opt for end-to-end encryption on top of the flawed standard to enhance communication security.
Alarmingly, the same researchers recently identified a comparable vulnerability in at least one implementation of the ETSI-endorsed end-to-end encryption. This particular encryption system begins with a 128-bit key, which is then compressed to 56 bits, significantly lowering its security strength and making it easier to crack.
Predominantly utilized by government operatives and agencies requiring heightened security for national defense operations, this end-to-end encryption is costly to implement. However, the widespread endorsement of this algorithm by ETSI has likely expanded its usage considerably beyond initial predictions.
Vulnerabilities in the encryption algorithms of the TETRA (Terrestrial Trunked Radio) standard, which has been integrated into radio systems from companies like Motorola and Sepura since the 1990s, were spotlighted thanks to the diligent research by experts Carlo Meijer, Wouter Bokslag, and Jos Wetzels from Midnight Blue.
The researchers' investigation revealed critical issues associated with the algorithm's susceptibility to fraudulent message injection and message replay, which could lead to misinformation during operations. Although not all users are affected, those who are may unknowingly operate with reduced encryption integrity, as noted by interactions with certain law enforcement users.
While ETSI argues that it does not dictate the encryption parameters used in deployed systems, the collaboration with The Critical Communications Association (TCCA) suggests shared responsibility over the vulnerable features in these radio systems' encryption.
This research highlights the urgent need for addressing security loopholes, as radio systems leveraging the TETRA encryption remain widely utilized across Europe, the Middle East, and even in some sectors within the US for critical infrastructure communications.
The vulnerabilities surrounding these critical communication tools underscore the challenges faced in maintaining secure transmissions in an era where technological advancement continues to challenge existing security measures. Governments adopting these systems must remain vigilant, acknowledging potential risks and adapting security strategies accordingly.
