Are Critical Radio Encryptions Still Safe from Hackers?
436Many radios used by police, military, and emergency services rely on encryption to keep their communications private. But recent research shows some of these encryption methods might be easier to crack than people thought.
Two years ago, researchers in the Netherlands uncovered a backdoor in an encryption system built into radios that protect important communications. This flaw affected radios used by critical infrastructure, law enforcement, and military groups worldwide. When they revealed this in 2023, the organization behind the encryption, ETSI, advised users to add extra security layers on top of the flawed system. But now, the same researchers found a similar vulnerability in some of these added security measures.
How the encryption is supposed to work
The encryption system in question starts with a 128-bit key, which is a string of numbers used to secure data. But in some cases, this key gets compressed down to just 56 bits before encryption happens. Shorter keys are easier for hackers to decode with enough computing power. That means if someone wanted to listen in on these radios, they might be able to do so without the users knowing.
This end-to-end encryption (E2EE) is mainly used in radios for law enforcement, special forces, and intelligence agencies. It’s an extra layer of security designed to keep sensitive information safe during missions. The encryption was developed by the Critical Communications Association’s security group, not directly by ETSI, although ETSI worked closely with them. ETSI’s initial concern was that this encryption was mainly for government use, which is why it wasn’t part of their standard.
What the researchers found
The Dutch researchers, who previously exposed flaws in the European radio standard called TETRA, recently examined a radio device made by Sepura. They discovered that the end-to-end encryption used there starts with a stronger key but still reduces to 56 bits before encryption. This reduction makes it possible for an attacker to decrypt voice calls and data.
They also found a second problem: hackers could send fake messages or replay old ones. This could cause confusion or spread false information among radio users. These issues aren’t limited to one device—they could affect radios made by other vendors using the same encryption scheme.
The vulnerabilities they uncovered stem from flaws in how the encryption protocol was designed, not just in a specific device. This means many radios using the same system might be at risk, especially if they haven’t been updated.
Who is affected and what’s next?
Many countries in Europe, the Middle East, and parts of Asia and Eastern Europe use TETRA radios. This includes police forces in Belgium, Scandinavian countries, Iran, Iraq, Lebanon, and Syria. Defense agencies in Bulgaria, Kazakhstan, and Finland also rely on these radios. However, it’s unclear exactly how many of these organizations use the end-to-end encryption that’s vulnerable.
Because the encryption scheme can be customized, some users might have stronger protections depending on how their radios were set up. But the core issue remains: if the encryption keys are reduced in length, they’re more vulnerable to hackers.
ETSI stated that the end-to-end encryption isn’t officially part of their standard and was created by a separate organization, the TCCA. They explained that governments and agencies often have their own security rules and may choose different encryption methods. Still, many end users are likely unknowingly using systems with these flaws.
In short, even encryption designed for critical communications might have weaknesses. As computing power grows, older encryption methods with shorter keys become easier for hackers to break. That’s why continuous updates and stronger security standards are so important for protecting sensitive information on these vital radios.
What do you think?
It is nice to know your opinion. Leave a comment.