Encrypted for police and military radios may be easily broken
For this reason, Morgatroid noted that Tetra -based radio buyers can deploy other solutions to end -to -end encryption on their radios, but he acknowledges that one produced by TCA and approved by ETSI “is used as far as we can.”
Although Tetra -based radio devices are not used by police and army in the United States, most police forces around the world use them. These include police forces in Belgium and Scandinavia, as well as Eastern European countries such as Serbia, Moldova, Bulgaria and Macedonia, and in the Middle East in Iran, Iraq, Lebanon and Syria. Defense ministries in Bulgaria, Kazakhstan and Syria also use them, such as Poland’s exclusive military agency, Finnish defense forces, and Lebanese and Saudi intelligence services. However, it is unclear how many of these are the end decoding with their radios.
The Tetra standard consists of four encryption algorithms – TeA1, TeA2, TEA3 and TEA4 – which can be used in various products depending on the customer and the use by radio manufacturers. These algorithms have different levels of security based on the fact that radios are sold in Europe or abroad. For example, TEA2 has been limited to use in police used radios, emergency services, army and intelligence agencies in Europe. TEA3 is available for police radio and emergency services used abroad, but only in countries that are “friendly” for the European Union. Only TeA1 is available for radios used by public safety agencies, police agencies and militias in countries that are not friendly with Europe, such as Iran. But it is also used in critical infrastructure in the United States and other countries for machine communication to the machine in industrial control settings such as pipelines, railways and electric networks.
All four Tetra encryption algorithms use 80 -bit keys to provide communication. But Dutch researchers revealed in 2023 that the TEA1 has features that would reduce the key to only 32 bits, allowing the researchers to reduce it in less than a minute.
In the case of E2EE, the researchers found that their execution starts with a safer key than used in Tetra algorithms, but reduced to 56 bits, which potentially makes someone decrypted audio and data communication. They also found a second vulnerability that allows someone to send fraud messages or re -broadcast legal permits to distribute misunderstanding or confusion for personnel using radio.
According to the researchers, the possibility of injecting audio traffic and re -dissemination messages affects all users of the TCA end end encryption plan. They say this is the result of the defect in the design of the TCCA E2ee protocol instead of a specific run. They also say that “final users of law enforcement” have confirmed them that the defect is on radios produced by sellers other than sellers.
But the researchers say that only a subset of end -to -end encryption users is likely to be reduced by the vulnerability of the key because it depends on how encrypted on radios sold to different countries.
