Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

The Flawed Security of Global Police and Military Radios: A Threat to National Security



In a shocking revelation, researchers have discovered that a widely used encryption algorithm for police and military radios across the globe is vulnerable to eavesdropping due to a fundamental flaw in its design. This vulnerability could have significant implications for national security, as these radios are used by law enforcement agencies, special forces, and covert military units worldwide.

  • Researchers have found a fundamental flaw in the TETRA encryption algorithm used globally by police and military radios.
  • The algorithm's reduced-key vulnerability can be easily exploited by attackers, posing significant implications for national security.
  • A subset of end-to-end encryption users are likely affected, as the issue depends on how the encryption was implemented in radios sold to various countries.
  • Attacks could compromise sensitive information and potentially lead to physical harm if an attacker gains access to the encryption key or manipulates radio traffic.



    • In a shocking revelation, researchers have discovered that a widely used encryption algorithm for police and military radios across the globe is vulnerable to eavesdropping due to a fundamental flaw in its design. The discovery, made by security experts from the Netherlands, has significant implications for national security, as these radios are used by law enforcement agencies, special forces, and covert military units in numerous countries.

    According to the researchers, the encryption algorithm in question is part of the TETRA (Terrestrial Trunked Radio) standard, which was developed by the European Telecommunications Standards Institute (ETSI). The algorithm, known as end-to-end encryption (E2EE), is used to secure voice traffic and messages transmitted over these radios. However, it has been found that this encryption scheme relies on a reduced-key vulnerability, which can be easily exploited by attackers.

    This flaw was first discovered in 2023 by researchers Carlo Meijer, Wouter Bokslag, and Jos Wetzels of security firm Midnight Blue. The team found that the TEA1 algorithm, used as part of the TETRA standard, had a feature that caused its key to get reduced to just 32 bits, allowing it to be cracked in under a minute. This vulnerability was not previously known publicly, and ETSI did not disclose the issue until after the researchers' discovery.

    The researchers found that at least one implementation of the end-to-end encryption solution endorsed by ETSI had a similar issue with its key being reduced from 128 bits to 56 bits, which would allow an attacker to decrypt voice and data communications. Furthermore, they discovered another vulnerability that could be used to send fraudulent messages or replay legitimate ones, potentially spreading misinformation or confusion among personnel using the radios.

    The researchers emphasize that only a subset of end-to-end encryption users are likely affected by this reduced-key vulnerability, as it depends on how the encryption was implemented in radios sold to various countries. ETSI's Murgatroyd stated that purchasers of TETRA-based radios are free to deploy other solutions for end-to-end encryption on their radios, but acknowledged that the one produced by the Critical Communications Association (TCCA) and endorsed by ETSI is widely used.

    The implications of this discovery are significant. Police and military forces around the world rely heavily on these radios for secure communication, often in critical infrastructure such as pipelines, railways, and electric grids. If an attacker gains access to the encryption key or can manipulate the radio traffic, it could lead to serious consequences, including the compromise of sensitive information and potentially even physical harm.

    The researchers plan to present their findings today at the Black Hat security conference in Las Vegas, highlighting the urgent need for improved security measures for these radios. ETSI has taken steps to address the issue by advising users to deploy an end-to-end encryption solution on top of the flawed algorithm, but more needs to be done to ensure the security of global police and military communications.

    The discovery also raises questions about the level of oversight and regulation within the ETSI standard. While ETSI is committed to developing secure standards for the telecommunications industry, it has been criticized in the past for not being transparent enough about its proprietary algorithms. In this case, the researchers were only able to discover the vulnerability by reverse-engineering the E2EE algorithm used in a radio made by Sepura.

    The incident highlights the ongoing cat-and-mouse game between security experts and malicious actors in the realm of cybersecurity. As technology advances, new vulnerabilities are discovered, and it is crucial for industries to prioritize security and transparency to prevent such incidents from happening in the future.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Flawed-Security-of-Global-Police-and-Military-Radios-A-Threat-to-National-Security-ehn.shtml

  • https://arstechnica.com/security/2025/08/encryption-made-for-police-and-military-radios-may-be-easily-cracked/


    • Published: Sat Aug 9 07:11:29 2025 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us