Source URL: https://www.schneier.com/blog/archives/2025/08/encryption-backdoor-in-military-police-radios.html
Source: Schneier on Security
Title: Encryption Backdoor in Military/Police Radios
Feedly Summary: I wrote about this in 2023. Here’s the story:
Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now.
There’s new news:
In 2023, Carlo Meijer, Wouter Bokslag, and Jos Wetzels of security firm Midnight Blue, based in the Netherlands, discovered vulnerabilities in encryption algorithms that are part of a European radio standard created by ETSI called TETRA (Terrestrial Trunked Radio), which has been baked into radio systems made by Motorola, Damm, Sepura, and others since the ’90s. The flaws remained unknown publicly until their disclosure, because ETSI refused for decades to let anyone examine the proprietary algorithms…
AI Summary and Description: Yes
Summary: The text reveals significant security vulnerabilities within the TETRA encryption standards and related end-to-end encryption implementations, which were only recently exposed by Dutch security analysts. This discovery raises important concerns regarding the integrity of encryption in critical communication systems used by various organizations.
Detailed Description: The findings laid out in the text shed light on multiple critical aspects of security vulnerabilities in widely used encryption standards. Here’s a more detailed breakdown:
– **Vulnerabilities Detected**: Five vulnerabilities were discovered in the TETRA radio standard utilized in devices produced by notable manufacturers such as Motorola and Hytera. These flaws had remained undetected for decades due to proprietary encryption methods.
– **Recent Findings**: The Dutch researchers, Carlo Meijer, Wouter Bokslag, and Jos Wetzels, have now identified a further issue with the end-to-end encryption (E2EE) solution linked to the TETRA standard. This places a spotlight on the potential for eavesdropping in sensitive communication scenarios where these standards are applied.
– **Implementation Risks**: The researchers pointed out that one encryption implementation begins with a 128-bit key, which is then reduced to a 56-bit key. This significant reduction weakens the encryption, making it more susceptible to being cracked by malicious actors.
– **Awareness of Risk**: The text raises concerns regarding the obscurity surrounding which entities are using the flawed implementation of E2EE. There is uncertainty whether those utilizing TETRA devices with E2EE are aware that they are exposed to security vulnerabilities.
– **Backdoor Implications**: The researchers suggest that these vulnerabilities might represent deliberately implemented backdoors, thereby calling into question the overall integrity of security design in these critical communication systems.
This situation underscores the importance for professionals in security, compliance, and encryption sectors to thoroughly investigate and remediate hidden vulnerabilities within existing systems and standards. Furthermore, it reveals the crucial need for transparency in encryption algorithms, as the use of proprietary standards can hinder security evaluations and expose users to potential threats.