
Police And Military Radios Found Using Easily Cracked Encryption Keys
High-security police and military radios use an encryption system that may be easier to break than expected, potentially letting attackers listen in or send fake messages.
In a rush? Here are the quick facts:
- Police and military radios use weak 56-bit keys instead of 128-bit.
- Vulnerability allows attackers to send fake or replayed messages.
- Flaw affects TETRA-based radios in Europe, Middle East, and beyond.
WIRED reports that the security firm Midnight Blue found that some radios implementing “end-to-end encryption” (E2EE), endorsed by the European Telecommunications Standards Institute (ETSI), compress a secure 128-bit key down to only 56 bits. The reduced key size enables attackers to easily decode communications.
The researchers also found a second flaw that lets attackers “send fraudulent messages or replay legitimate ones to spread misinformation or confusion to personnel using the radios,” as reported by WIRED. They say this design flaw affects all users of the TCCA E2EE scheme, and “law enforcement end users” have confirmed the issue exists in radios from multiple vendors.
Radios based on the TETRA standard are used for police and military communications in Belgium, Serbia, Finland, Saudi Arabia, and Iran, as well as by intelligence agencies and critical infrastructure operators. They are not used by U.S. police, WIRED specifies.
ETSI’s Brian Murgatroyd said the E2EE wasn’t part of the ETSI standard and was created by another industry group, but admitted it “is widely used as far as we can tell,” as reported by WIRED. He added, “The choice of encryption algorithm and key is made between supplier and customer organisation, and ETSI has no input […] nor knowledge of which algorithms and key lengths are in use in any system.”
Researcher Jos Wetzels doubts that all governments know whether they are using reduced security. “We consider it highly unlikely non-Western governments are willing to spend literally millions of dollars if they know they’re only getting 56 bits of security,” he said, according to WIRED.
The findings will be presented today at the Black Hat security conference in Las Vegas.