Nuked 
Hey there, tech lovers! Today we’re diving into some surprising news about radio encryption that might make you think twice about your secure communications.
Two years ago, Dutch researchers uncovered a hidden backdoor in an encryption system used by critical services, including police, military, and intelligence agencies worldwide. This flaw made their communications susceptible to eavesdropping. When they revealed this in 2023, ETSI, the standards organization, advised users to add an extra layer of encryption for safety.
However, recent findings show that certain implementations of this extra security layer are also vulnerable. Specifically, some systems compress a 128-bit key down to just 56 bits, significantly weakening security and making decryption easier for attackers.
This vulnerable encryption is typically used in high-security radios operated by law enforcement and special forces. While ETSI doesn’t produce this end-to-end encryption itself, it endorses solutions developed by the Critical Communications Association, which means many users might be unknowingly at risk.
Researchers managed to reverse-engineer a radio from Sepura and identified the key reduction flaw. They plan to present their discoveries at the BlackHat security conference, shedding more light on how these vulnerabilities could be exploited.
The problem isn’t just theoretical. Many countries, especially in Europe, the Middle East, and parts of Eastern Europe, rely on TETRA radios that incorporate various encryption algorithms. Some of these, like TEA1, have significantly weakened over time due to export control restrictions, replacing larger keys with shorter, more manageable but much less secure ones.
Moreover, the end-to-end encryption solution, designed to run on top of TETRA, also has weaknesses. Notably, it reduces a secure key to just 56 bits, raising the risk of decryption and message injection attacks. While some manufacturers and governments are aware of these issues, full transparency is lacking, making it difficult for users to know whether their radios are vulnerable.
All this highlights the importance of constantly reviewing and updating encryption methods to stay ahead of malicious actors and safeguard sensitive communications.
