Researchers in the Netherlands have discovered a critical vulnerability in an encryption scheme used by police forces and intelligence agencies around the world, including those in Europe, the Middle East, and Africa. The scheme, developed by the European Telecommunications Standards Institute (ETSI), was designed to provide end-to-end encryption for communication devices made by Motorola, Damm, Sepura, and other manufacturers.
In 2023, Dutch researchers found a major flaw in the encryption algorithm used on radios made by Sepura. The issue arises when the key is compressed from 128 bits to 56 bits before it encrypts traffic, making it easier for hackers to crack the code. This vulnerability affects not only users of the specific device but also those who use end-to-end encryption solutions that rely on this algorithm.
ETSI initially recommended deploying an additional layer of encryption to mitigate the issue. However, researchers have now found a similar flaw in another implementation of end-to-end encryption, which is widely used by governments and law enforcement agencies. This has raised concerns about the security of communication systems used by critical infrastructure, police forces, and intelligence agencies worldwide.
The vulnerability affects devices made by multiple manufacturers, including those sold to countries outside Europe, where different export controls apply. The issue also arises from how the encryption algorithm is implemented in radios sold to various countries, making it uncertain how many users are aware of the security risk.
Researchers will present their findings at the BlackHat security conference in Las Vegas and call on manufacturers and regulatory bodies to address this critical vulnerability. As the use of end-to-end encryption becomes increasingly widespread, it is essential that those responsible for securing communication systems take immediate action to patch these vulnerabilities and ensure the integrity of sensitive information.
Source: https://www.wired.com/story/encryption-made-for-police-and-military-radios-may-be-easily-cracked-researchers-find