Ethical Hacking News
A recent discovery has exposed a vulnerability in an encryption algorithm widely used by law enforcement and military agencies, raising concerns about the effectiveness of current security protocols. The implications of this finding are far-reaching, and have sparked questions about the security of sensitive communication systems used by governments and critical infrastructure around the world.
Researchers in the Netherlands discovered a vulnerability in an encryption algorithm widely used by law enforcement and military agencies. The algorithm's compression reduces its security, making it easier to crack. An end-to-end encryption solution endorsed by ETSI has a similar issue, raising concerns about the overall security of sensitive communication systems. The discovery highlights the need for improved security protocols and raises questions about the effectiveness of current encryption standards.
The security landscape of critical infrastructure, including law enforcement and military agencies, has been shaken to its core by a recent discovery made by researchers in the Netherlands. Two years ago, these experts uncovered an intentional backdoor in an encryption algorithm that is widely used by police, intelligence agencies, and special forces around the world. The implications of this finding are far-reaching, and have sparked concerns about the security of sensitive communication systems used by governments and critical infrastructure.
The European Telecommunications Standards Institute (ETSI), which developed the algorithm, advised anyone using it for sensitive communication to deploy an end-to-end encryption solution on top of the flawed algorithm to bolster the security of their communications. However, new research has revealed that at least one implementation of the end-to-end encryption solution endorsed by ETSI has a similar issue that makes it equally vulnerable to eavesdropping.
The encryption algorithm used for the device examined starts with a 128-bit key, but this gets compressed to 56 bits before it encrypts traffic, making it easier to crack. This compression is necessary due to export control regulations, which limit the use of certain encryption algorithms in countries around the world. However, the reduction in key length from 128 bits to 56 bits significantly reduces the security of the algorithm.
The end-to-end encryption used with TETRA-based radios is not part of the ETSI standard, nor was it created by the organization. Instead, it was produced by The Critical Communications Association’s (TCCA) security and fraud prevention group (SFPG). However, ETSI and TCCA work closely with one another, and the two organizations include many of the same people. Brian Murgatroyd, former chair of the technical body at ETSI responsible for the TETRA standard as well as the TCCA group that developed the E2EE solution, wrote in an email on behalf of ETSI and the TCCA that end-to-end encryption was not included in the original specification for TETRA.
The researchers who discovered the vulnerability plan to present their findings today at the BlackHat security conference in Las Vegas. The implications of this discovery are significant, and raise questions about the effectiveness of current encryption standards and protocols used by law enforcement and military agencies around the world. It remains to be seen how these organizations will respond to this new information, but one thing is clear: the security of sensitive communication systems is under threat.
In a statement, Jos Wetzels, one of the researchers who discovered the vulnerability, said that while governments may have their own proprietary encryption algorithms for use in devices, it remains unclear whether users are aware of the security vulnerabilities present in these systems. Wetzels also noted that some manufacturers only mention this issue internally or do not disclose it to customers at all.
The discovery has sparked concerns about the use of encryption by law enforcement and military agencies around the world. It is unclear who is using the end-to-end encryption solution that has been found to be vulnerable, but experts warn that if not addressed, this could have serious consequences for national security.
In conclusion, the recent discovery of a vulnerability in an encryption algorithm used by law enforcement and military agencies raises significant concerns about the effectiveness of current security protocols. As governments and critical infrastructure around the world continue to rely on these algorithms for sensitive communication, it is clear that more needs to be done to ensure the security of these systems.
Related Information:
https://www.ethicalhackingnews.com/articles/EXPOSING-THE-WEAKNESS-Encryption-Made-for-Police-and-Military-Radios-May-Be-Easily-Cracked-ehn.shtml
https://www.wired.com/story/encryption-made-for-police-and-military-radios-may-be-easily-cracked-researchers-find/
Published: Thu Aug 7 15:18:09 2025 by llama3.2 3B Q4_K_M
