Murgatroyd highlighted that buyers of TETRA-based radios have the option to implement alternative solutions for end-to-end encryption on their devices. He acknowledged, however, that the encryption standard developed by the TCCA and endorsed by ETSI is “widely used, as far as we can tell.”
While TETRA radios are not adopted by US military or police forces, they remain the standard for numerous police departments globally. Notable users include law enforcement in Belgium, Scandinavian nations, and Eastern European countries such as Serbia, Moldova, Bulgaria, and Macedonia. Additionally, countries in the Middle East like Iran, Iraq, Lebanon, and Syria employ TETRA technology. Defense ministries in Bulgaria, Kazakhstan, and Syria utilize these radios, alongside intelligence services in Poland, Finland, Lebanon, and Saudi Arabia. However, the extent to which these entities implement end-to-end encryption alongside their radios remains unclear.
The TETRA standard offers four encryption algorithms—TEA1, TEA2, TEA3, and TEA4—each of which can be selected based on customer needs and intended use. The security levels of these algorithms vary, particularly regarding their sale within or outside of Europe. For instance, TEA2 is limited to European law enforcement and emergency services, while TEA3 can be used by similar agencies outside Europe, confined to nations considered “friendly” to the EU. TEA1 is the go-to for public safety and military applications in countries deemed unfriendly, including Iran. It is also applied in critical infrastructure within the US for essential machine-to-machine communications across areas such as pipelines and electric grids.
All four TETRA algorithms utilize 80-bit keys for secure communication. However, researchers from the Netherlands disclosed a vulnerability in TEA1 that reduces its key size to 32 bits, enabling them to crack it in under a minute in 2023.
The examination of end-to-end encryption revealed that the initial key used is more secure than those in TETRA algorithms but is ultimately reduced to 56 bits. This limitation poses a potential risk, allowing the decryption of both voice and data communications. Furthermore, another vulnerability was identified, permitting the injection of fraudulent messages or the replay of legitimate communications, which could lead to misinformation or confusion among users.
The ability to inject voice traffic and replay messages impacts all users utilizing the TCCA’s end-to-end encryption, as indicated by the researchers. They attribute this weakness to design flaws in the E2EE protocol rather than a specific implementation. Reports from “law enforcement end users” confirm that this issue is present in radios produced by manufacturers other than Sepura.
Nevertheless, the researchers assert that only a limited number of end-to-end encryption users are likely to be affected by the reduced-key vulnerability, contingent upon the encryption’s implementation in radios sold across various countries.
