Researchers have discovered new vulnerabilities in radio encryption used by police, military, and critical infrastructure, raising concerns about secure communication reliability.
At a Glance
- Dutch researchers found flaws in TETRA encryption protocols used globally
- TEA1 cipher weakness reduces 80-bit keys to just 32 bits, crackable in under a minute
- A widely used E2EE implementation weakens 128-bit keys to 56 bits
- Attackers could inject or replay messages to disrupt operations
- Vulnerabilities affect systems in Europe, the Middle East, and parts of Asia
Cracking the Cipher
In 2023, researchers from the Netherlands-based cybersecurity group Midnight Blue revealed a major flaw in the TEA1 algorithm used in TETRA (Terrestrial Trunked Radio) systems. This cipher, deployed in radios for police forces, military units, and critical infrastructure, effectively reduced an 80-bit key to just 32 bits. The reduction allowed attackers to decrypt communications in under a minute using commercially available hardware.
Watch now: All Cops Are Broadcasting: Breaking TETRA After Decades In Public Disclosure · YouTube
Following the disclosure, the European Telecommunications Standards Institute (ETSI) advised organizations to apply end-to-end encryption (E2EE) as an additional safeguard over TETRA’s native encryption. This was intended to ensure that intercepted communications could not be deciphered even if the underlying TETRA layer was compromised.
New Weakness in the Fix
However, updated findings in August 2025 revealed that the recommended E2EE protection is itself vulnerable in at least one widely deployed implementation. Instead of preserving the full 128-bit key strength typical of modern cryptography, the implementation weakened it to just 56 bits. This reduction opens the door for brute-force attacks that could break the encryption in a feasible time frame with specialized equipment.
The same implementation also suffers from a protocol-level flaw enabling attackers to inject falsified messages or replay old ones. This capability could be used to spread misinformation, disrupt tactical coordination, or undermine trust between communication partners. Because this issue stems from the protocol design rather than one manufacturer’s code, it could affect multiple vendors and deployments.
Global Impact and Security Concerns
While TETRA radios are rare in the United States, they remain a mainstay for public safety and defense communications across Europe, the Middle East, and parts of Asia. Many police departments, military units, and emergency services in these regions depend on the technology for operational coordination.
The combination of long-standing vulnerabilities in TEA1 and the newly uncovered flaws in E2EE raises significant security concerns. In adversarial environments, these weaknesses could allow interception of sensitive information, manipulation of operational orders, or disruption of emergency responses. Given that some deployments may be unaware of the key-strength reductions, the risk is heightened by incomplete awareness and limited resources for urgent system upgrades.
Industry experts stress that any encryption system is only as secure as its weakest link. For TETRA users, both the foundational encryption and the widely recommended overlay now face questions about their resilience. Addressing these issues will likely require protocol redesign, manufacturer cooperation, and updated standards from ETSI to ensure long-term secure communications.
Sources
