Photo by Stefan Cosma on Unsplash
Two years ago, a group of security researchers in the Netherlands stumbled onto something pretty disturbing. While digging into European police and military radio systems, they discovered that a long-trusted encryption algorithm had a built-in backdoor — one that made it far too easy for anyone with the tools (and the motive) to quietly eavesdrop on sensitive communications.
But it turns out, that was only the start.
Now, those same researchers — Carlo Meijer, Wouter Bokslag, and Jos Wetzels from Dutch cybersecurity firm Midnight Blue — have found a new weakness. This time, it’s not in the original flawed encryption, but in the “fix” that was supposed to make things secure: the end-to-end encryption that was tacked on to protect the system.
So what exactly is going on?
A False Sense of Security?
Photo by GuerrillaBuzz on Unsplash
Back in 2023, after the trio exposed vulnerabilities in TETRA (a radio standard created by the European Telecommunications Standards Institute, a.k.a. ETSI), the industry scrambled to respond. TETRA, which has been around since the ’90s, is used in government radios around the world — from cops on the streets of Belgium, to intelligence teams in Syria, all the way to industrial control systems in the US.
ETSI’s fix? They advised everyone to use a layer of end-to-end encryption on top of TETRA, especially for anything sensitive. That extra layer was provided by the TCCA (The Critical Communications Association), an organization closely tied to ETSI.
But now that layer is cracking too.
The Midnight Blue team reverse-engineered a radio made by Sepura (one of the big players in this space) and found that its encryption system starts with a strong 128-bit key… but compresses it down to just 56 bits before encrypting anything. That’s a big downgrade. And it matters, because cracking a 56-bit key is far more doable than with a 128-bit one. That means attackers could potentially snoop on live conversations or intercept data.
And Sepura isn’t the only one affected.
How Bad Is It?
It’s hard to know just how many radios are using this weakened encryption. The standard isn’t public — TCCA only shares the technical details with vendors under NDAs. But the research team says the weakness in key size isn’t just a vendor-specific mistake. It likely stems from the design of the encryption system itself.
And it doesn’t stop there.
The team also found another vulnerability: attackers could send fake voice messages or replay old ones. That’s the kind of thing that could cause confusion for police officers or military units relying on these radios in real time.
Even more concerning, there’s little evidence that users actually know this is happening.
A leaked Sepura document from 2006 mentions that encryption key lengths in some radios could be as short as 56 bits depending on export controls. But public documentation is murky at best. Researcher Jos Wetzels says some manufacturers may disclose it internally or in specialized brochures, but many say nothing at all.
From what the Midnight Blue team gathered, security-conscious government agencies might assume they’re getting strong protection — and could be spending millions on radios that aren’t delivering that level of security.
Why Is This Happening?
Photo by Antonino Visalli on Unsplash
Some of the vulnerability ties back to export laws. For example, the older TETRA algorithm called TEA1 had its key strength intentionally cut to just 32 bits to comply with rules for non-European countries. This made it crackable in under a minute, which is exactly what the Midnight Blue team did last year.
Similarly, export regulations might be at play with the current end-to-end encryption designs too. There are references to factory configurations that can drop the key size below 128 bits — possibly down to 64 or 56 — depending on where the radio is headed.
Brian Murgatroyd, a former ETSI leader closely tied to both ETSI and TCCA, said government agencies usually work with vendors to set their encryption preferences. In theory, that means they know what they’re getting. But the researchers disagree.
“We consider it highly unlikely non-Western governments are willing to spend literally millions of dollars if they know they’re only getting 56 bits of security,” said Wetzels.
Who’s Using These Radios?
TETRA-based radios aren’t used in U.S. law enforcement, but they are widely deployed elsewhere:
- Police and emergency services in Western and Eastern Europe
- Intelligence services in Lebanon, Saudi Arabia, and Syria
- Military units in Bulgaria, Finland, and Kazakhstan
- Industrial systems in the U.S., like electric grids and pipelines
All of which raises a big question: How many of these users actually know their radios are potentially vulnerable?
What Now?
For now, the Midnight Blue team is presenting their findings at the Black Hat security conference in Las Vegas. Their work highlights a critical need for transparency in security systems — especially those used by governments, first responders, and national infrastructure.
If you’re in charge of secure communications, now might be a good time to double-check your encryption. Because as it stands, what was sold as a secure upgrade might just be another open door.
—
🧠 Key Takeaways:
- Trusted radio encryption used by global police and military may be weak
- End-to-end encryption “fix” also compresses keys, making them easier to crack
- Some radios are vulnerable to eavesdropping and message spoofing
- Users may be unaware their radios offer only partial protection
- Researchers urge government customers to verify the technology they’re buying
Security isn’t just about having encryption — it’s about having the right kind of encryption. And right now, too many are trusting systems they probably shouldn’t.
Keywords: Police radio encryption, Military communication vulnerability, TETRA encryption, End-to-end encryption weakness, Sepura radio security, Cybersecurity research, Midnight Blue firm, Black Hat security conference, Global public safety technology
