Critical Vulnerabilities Discovered in TETRA Encryption Algorithms, Affecting Military and Police Communications

In 2023, Dutch security analysts Carlo Meijer, Wouter Bokslag, and Jos Wetzels from Midnight Blue uncovered significant vulnerabilities in the encryption algorithms of the Terrestrial Trunked Radio (TETRA) standard, widely used by manufacturers such as Motorola, Damm, and Sepura since the 1990s. These vulnerabilities remained hidden due to the European Telecommunications Standards Institute's (ETSI) long-standing refusal to permit independent examination of proprietary algorithms. The researchers discovered that the end-to-end encryption (E2EE) algorithm in a Sepura device reduces a 128-bit key to 56 bits, significantly weakening its security and making it susceptible to brute-force attacks. This flaw renders communications vulnerable to interception, posing a serious risk to military and police operations that rely on TETRA for secure communications. The extent of the impact is unclear, as it is not known which organizations use this specific E2EE algorithm implementation or if they are aware of the vulnerability. This discovery underscores the critical importance of transparency and independent audits in encryption standards, particularly for systems used in critical infrastructure. It also highlights the risks associated with proprietary algorithms and the necessity for regular security assessments. Cybersecurity professionals should take note of this vulnerability and assess whether their organizations are affected, taking appropriate measures to mitigate the risk of intercepted communications.