Encryption Made for Police and Military Radios May Be Easily Cracked
For this reason, Murgatroyd noted that Tetra -based radios buyers are free to deploy other solutions for end -to -end encryption on their radios, but it recognizes that that produced by TCCA and approved by ETSI “is widely used as far as we can see it”.
Although TETRA-based radio devices are not used by police and soldiers in the United States, the majority of police forces around the world use them. These include police forces in Belgium and the Scandinavian countries, as well as Eastern European countries such as Serbia, Moldova, Bulgaria and Macedonia, and in the Middle East in Iran, Iraq, Lebanon and Syria. Defense ministries in Bulgaria, Kazakhstan and Syria also use them, as is the Polish military counter-espionage agency, Finnish defense forces, Lebanon and Saudi Arabia intelligence. It is not clear, however, how many these also deploy a decryption from start to finish with their radios.
The Tetra standard includes four encryption algorithms – TEA1, TEA2, TEA3 and TEA4 – which can be used by radio manufacturers in different products, depending on the planned customer and use. Algorithms have different levels of security depending on the sale of radios in Europe or outside Europe. TEA2, for example, is restricted for use in the radios used by the police, emergency services, soldiers and intelligence agencies in Europe. TEA3 is available for police and emergency services used outside Europe, but only in countries deemed “friendly” in the EU. Only TEA1 is available for radios used by public security agencies, police agencies and soldiers in countries deemed non -friendly with Europe, such as Iran. But it is also used in critical infrastructure in the United States and other countries for machine communication in industrial control areas such as pipelines, railways and electrical networks.
The four Tetra encryption algorithms use 80 -bit keys to secure communication. But Dutch researchers revealed in 2023 that the TEA1 has a characteristic that makes its key reduced to only 32 bits, which allowed researchers to break it in less than a minute.
In the case of the E2EE, the researchers found that the implementation they examined begins with a safer key than those used in Tetra algorithms, but it is reduced to 56 bits, which would potentially allow someone to decipher voice and data communications. They also found a second vulnerability that would allow someone to send fraudulent messages or replay legitimate messages to disinfuse disinformation or confusion to staff using radios.
The possibility of injecting vocal traffic and replaying messages affects all users of the end -to -end TCCA encryption scheme, according to the researchers. They say that it is the result of defects in the design of the TCCA E2E protocol rather than a particular implementation. They also say that “end users of the law application” have confirmed to them that this flaw is in the radios produced by suppliers other than Sépura.
But researchers say that only a subset of end-to-end encryption users is probably affected by the vulnerability of the reduced keys because it depends on how encryption has been implemented in the radios sold to various countries.
