So, Murgatroyd noted that buyers of TETRA-based radios are free to deploy other solutions on their radios for end-to-end encryption, but he acknowledged that TCCA produces and is recognized by ETSI “in what we can reveal.”
Although the United States and the military do not use TETRA-based radio equipment in the United States, most police forces around the world use them. These include police forces from Belgium and Scandinavian countries, as well as Eastern European countries such as Serbia, Moldova, Bulgaria and Macedonia, as well as the Middle East of Iran, Iraq, Lebanon and Syria. They are also used by the Ministry of Defense of Bulgaria, Kazakhstan and Syria, as are the intelligence services of Polish military counterintelligence agencies, Finnish Defense Forces, and Lebanon and Saudi Arabia. However, it is not clear how many of them are also deployed end-to-end decryption with radio.
The TETRA standard includes four encryption algorithms – TEA1, TEA2, TEA3 and TEA4, which can be used by radio manufacturers in different products, depending on the intended customer and use. Depending on whether the radio is sold in Europe or outside of the country, the algorithm has different levels of security. For example, TEA2 is restricted to radios used by European police, emergency services, military and intelligence agencies. TEA3 can be used for police and emergency service radios used outside Europe, but only in countries deemed to be “friendly” to the EU. Among public safety agencies, police agencies and military, only TEA1 can be used in countries deemed unfriendly to Europe, such as Iran. However, it is also used in critical infrastructure in the United States and other countries for machine-to-machine communications in industrial control environments such as pipelines, railroads and power grids.
All four four-chain encryption algorithms use 80-bit keys to ensure communication. But Dutch researchers revealed in 2023 that Tea1 has a feature that reduces its key to just 32 bits, allowing researchers to crack it in less than a minute.
For E2EE, the researchers found that the implementation they examined started with a more secure key with the key used in the TETRA algorithm, but reduced it to 56 bits, which could allow someone to decrypt voice and data communication. They also found a second vulnerability that would allow someone to send fraudulent messages or replay legitimate messages to spread false information or confusion to make people use radio to mess up people.
The researchers say the ability to inject voice traffic and replay messages affects all users of the TCCA end-to-end encryption scheme. They say this is the result of flaws in the design of the TCCA E2EE protocol, not a specific implementation. They also said “law enforcement end users” have confirmed to them that this is a radio generated by suppliers other than Sepura.
But the researchers say only a portion of end-to-end encryption users may be affected by the reduction of key vulnerabilities, as it depends on the implementation of encryption in radios sold to various countries.
