Black Hat USA 2025 | 2 Cops 2 Broadcasting: TETRA End-To-End Under Scrutiny

Black Hat, Apr 7, 2026

Why It Matters

Compromised Tetra end‑to‑end encryption threatens the confidentiality of emergency and critical‑infrastructure communications, forcing agencies to reassess reliance on proprietary radio standards.

Key Takeaways

  • The Tetra end‑to‑end encryption layer contains critical, exploitable flaws.
  • Researchers achieved arbitrary code execution on commercial radios via physical access.
  • The weakened algorithm 0x87 reduces effective key entropy to 56 bits, enabling brute force.
  • Proprietary specifications and NDAs hinder security audits and public scrutiny.
  • Vulnerabilities could affect police, military, and critical infrastructure worldwide.

Summary

Midnight Blue, a Dutch cyber‑security consultancy, presented at Black Hat USA 2025 a deep dive into the end‑to‑end encryption layer of the Tetra terrestrial trunked radio standard. Tetra, widely adopted for police, military and SCADA communications, has long kept its cryptographic algorithms under NDA, but the team’s latest research lifts the veil on the most sensitive part of the protocol.

Building on their 2023 reverse‑engineering of the air‑interface cipher, the researchers uncovered a suite of new flaws: a back‑doored TEA1 cipher offering only 32‑bit security, a keystream‑recovery attack that breaks confidentiality, and, critically, an export‑grade algorithm (0x87) that collapses a 128‑bit traffic key to merely 56 bits of effective entropy. They also demonstrated arbitrary code execution on commercial radios using a previously disclosed firmware vulnerability, allowing full control and extraction of end‑to‑end keys in seconds.

The team highlighted how the secrecy surrounding Tetra’s specifications hampers security review. A 2003 internal TCCA document, inadvertently posted online, and a series of Chinese and Russian academic papers revealed that the same restricted material is already circulating in academia, despite NDAs. Their live demo showed malicious voice frames injected into an encrypted call, proving that an attacker can manipulate traffic without detection.

If exploited, these weaknesses could compromise mission‑critical communications for law‑enforcement, intelligence agencies and critical‑infrastructure operators across Europe, Latin America, the Middle East and South Asia. The findings pressure vendors and standards bodies to abandon proprietary, opaque cryptography in favor of transparent, auditable algorithms, and they underscore the urgency of deploying truly robust end‑to‑end protection.
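The summary above says malicious voice frames were injected into an encrypted call without detection, and the abstract below adds replay of SDS messages. Both are symptoms of the same design gap: encryption that provides confidentiality but no per-frame integrity or freshness. The following is an added illustration, not code from Midnight Blue or from any TETRA specification; it models a frame channel with a constructed keystream and shows why a receiver without an authentication tag cannot notice a modified frame, then how an authenticated frame format with a sequence number rejects both a tampered frame and a replayed one. The keystream, key-derivation labels, frame layout and sample frame are all constructed for this example.

```python
import hashlib
import hmac
import struct

# Constructed sample input: one 16-byte "voice frame" and a constructed 16-byte key.
# Illustrative model only; this is not the TETRA E2EE design.
SAMPLE_FRAME = b"voice-frame-0001"
SAMPLE_KEY = bytes(range(16))
MAC_LEN = 16  # truncated HMAC-SHA256 tag appended to each authenticated frame


def derive(key: bytes, label: bytes) -> bytes:
    """Derive an independent subkey per purpose so the MAC key never equals the cipher key."""
    return hashlib.sha256(label + key).digest()


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Deterministic per-frame keystream (constructed stand-in for a real stream cipher)."""
    enc_key = derive(key, b"enc")
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + struct.pack(">QQ", seq, block)).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Model 1: confidentiality only, no integrity ---------------------------

def encrypt_unauth(key: bytes, seq: int, frame: bytes) -> bytes:
    return xor(frame, keystream(key, seq, len(frame)))


def decrypt_unauth(key: bytes, seq: int, ct: bytes) -> bytes:
    return xor(ct, keystream(key, seq, len(ct)))


def tamper_unauth_goes_undetected(key: bytes = SAMPLE_KEY, frame: bytes = SAMPLE_FRAME) -> bool:
    """A receiver with no integrity check decrypts a modified frame silently.

    Flipping one ciphertext bit flips the same plaintext bit; every other byte
    decrypts correctly, so the receiver has no error to raise."""
    ct = encrypt_unauth(key, 1, frame)
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]
    recovered = decrypt_unauth(key, 1, tampered)
    return recovered != frame and recovered[1:] == frame[1:]


# --- Model 2: authenticated frames with a sequence number -------------------

def encrypt_auth(key: bytes, seq: int, frame: bytes) -> bytes:
    """Frame layout (constructed): 8-byte big-endian seq || ciphertext || 16-byte tag."""
    header = struct.pack(">Q", seq)
    ct = encrypt_unauth(key, seq, frame)
    tag = hmac.new(derive(key, b"mac"), header + ct, hashlib.sha256).digest()[:MAC_LEN]
    return header + ct + tag


class AuthReceiver:
    """Verifies the tag before decrypting and rejects any seq not strictly increasing."""

    def __init__(self, key: bytes):
        self.mac_key = derive(key, b"mac")
        self.key = key
        self.highest_seq = -1

    def receive(self, packet: bytes):
        """Return the plaintext frame, or None if the tag fails or the seq was already seen."""
        if len(packet) < 8 + MAC_LEN:
            return None
        header, ct, tag = packet[:8], packet[8:-MAC_LEN], packet[-MAC_LEN:]
        expected = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # injected or modified frame
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.highest_seq:
            return None  # replayed (or out-of-order) frame
        self.highest_seq = seq
        return decrypt_unauth(self.key, seq, ct)


def demo_auth(key: bytes = SAMPLE_KEY, frame: bytes = SAMPLE_FRAME) -> dict:
    """Run a genuine, a tampered, a replayed and a fresh frame through the receiver."""
    rx = AuthReceiver(key)
    p1 = encrypt_auth(key, 1, frame)
    results = {"genuine": rx.receive(p1)}
    tampered = p1[:8] + bytes([p1[8] ^ 0x01]) + p1[9:]
    results["tampered"] = rx.receive(tampered)   # None: tag mismatch
    results["replayed"] = rx.receive(p1)         # None: seq 1 already accepted
    results["next"] = rx.receive(encrypt_auth(key, 2, frame))
    return results


if __name__ == "__main__":
    print("unauthenticated tamper undetected:", tamper_unauth_goes_undetected())
    print("authenticated receiver:", demo_auth())
```

The design point is that the tag covers the sequence number as well as the ciphertext, so an attacker who can recover keystream (as the summary describes) still cannot forge an acceptable frame without the separate MAC key, and a captured frame cannot be re-presented once its sequence number has been consumed. A production design would use an AEAD mode and a tolerance window for lost or reordered frames rather than the strict monotonic check used here for clarity.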

Original Description

In this talk, we will present the first public security analysis of TETRA end-to-end encryption (E2EE) used for the most sensitive communications - such as those by intelligence agencies and special forces.
In all-new material, we present seven security vulnerabilities pertaining to TETRA and its E2EE, three of which are critical.
TETRA is a European standard for trunked radio used globally by police and military operators. Additionally, TETRA is widely deployed in industrial environments such as harbors and airports, as well as critical infrastructure such as SCADA telecontrol of pipelines, transportation and electric and water utilities.
While we previously reverse-engineered and published the then-secret algorithms underpinning TETRA cryptography, the vendor-proprietary E2EE solution (which enjoys significant end-user trust) intended for the most critical use cases remained undisclosed and proved quite hard to obtain.
Given the opaque nature of this solution and TETRA's history of offering significantly less security than advertised (including backdoored ciphers), we decided to undertake the effort of reverse-engineering a TETRA E2EE solution.
We did this by extracting it from a popular Sepura radio and discovering several critical 0-day vulnerabilities in the radio in the process, presenting additional key extraction and covert implanting vulnerabilities.
We will publish the E2EE design along with a security analysis, identifying several severe shortcomings ranging from the ability to inject voice traffic into E2EE channels and replay SDS messages to an intentionally weakened E2EE variant, which reduces its 128-bit key to only 56 bits.
In addition, we will discuss new findings related to multi-algorithm networks and official patches, relevant for asset owners mitigating the TETRA:BURST vulnerabilities previously uncovered by us.
Finally, we will demonstrate the E2EE voice injection attack as well as the previously theoretical TETRA packet injection attack on SCADA networks.
By:
Carlo Meijer | MSc, Midnight Blue
Wouter Bokslag | MSc, Midnight Blue
Jos Wetzels | MSc, Midnight Blue
Full Session Details Available at:
