Encryption Made for Police and Military Radios May Be Easily Cracked


European Police Radio Encryption Cracked, Raising Questions About San Diego Police Department's $3M Investment in New Radios

Dutch researchers expose "intentional backdoors" in TETRA radio systems, but SDPD's P25 technology uses different standard

Security researchers have discovered serious vulnerabilities in encryption algorithms used by police and military radio systems worldwide, including intentional backdoors that make communications vulnerable to eavesdropping, according to research presented at the Black Hat security conference in Las Vegas.

The findings by Dutch cybersecurity firm Midnight Blue expose critical flaws in TETRA (Terrestrial Trunked Radio) systems used by law enforcement agencies across Europe, raising broader questions about the security of encrypted police communications as San Diego completes its own $3 million transition to encrypted radio systems.

The TETRA Vulnerabilities

Researchers Carlo Meijer, Wouter Bokslag, and Jos Wetzels discovered that TETRA encryption algorithms, developed by the European Telecommunications Standards Institute (ETSI), contain intentional backdoors that significantly weaken security.

The most serious vulnerability affects the TEA1 algorithm, which reduces an 80-bit encryption key to just 32 bits, allowing researchers to crack communications in under a minute. Even the recommended end-to-end encryption solution designed to address these flaws has its own weaknesses, with 128-bit keys compressed to 56 bits before encrypting traffic.

"We consider it highly unlikely non-Western governments are willing to spend literally millions of dollars if they know they're only getting 56 bits of security," said Jos Wetzels, one of the researchers.

The vulnerabilities affect radio systems manufactured by Motorola, Damm, Sepura, and other vendors since the 1990s, used by police forces in Belgium, Scandinavian countries, Eastern Europe, and the Middle East, as well as military and intelligence agencies in multiple countries.
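To make the key-reduction point concrete, here is an added example that is not from the article or from Midnight Blue's research. It uses a toy stream cipher (not TEA1) whose 80-bit key is squeezed into a small internal state; `reduce_key`, `keystream`, the 16-bit demo size and the trial rate are assumptions chosen for illustration.

```python
import hashlib

REDUCED_BITS = 16  # toy size so the demo runs instantly; the article's TEA1 figure is 32

def reduce_key(key80: bytes, bits: int = REDUCED_BITS) -> int:
    """Toy key-reduction step (hypothetical, not TEA1's): 80-bit key -> `bits`-bit state."""
    if len(key80) != 10:
        raise ValueError("expected an 80-bit (10-byte) key")
    digest = hashlib.sha256(key80).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - bits)

def keystream(state: int, n: int) -> bytes:
    """Toy keystream generator seeded only by the reduced state."""
    out, counter = b"", 0
    while len(out) < n:
        block = state.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key80: bytes, data: bytes) -> bytes:
    # The nominal 80-bit key never touches the data directly, only the reduced state does.
    return xor(data, keystream(reduce_key(key80), len(data)))

def recover_state(known_plain: bytes, cipher: bytes, bits: int = REDUCED_BITS):
    """Exhaust the reduced space using one known plaintext/ciphertext pair."""
    target = xor(known_plain, cipher)
    for state in range(1 << bits):
        if keystream(state, len(target)) == target:
            return state
    return None

def worst_case_seconds(bits: int, trials_per_second: float) -> float:
    """Time to try every value of a `bits`-bit space at an assumed trial rate."""
    return (1 << bits) / trials_per_second

# Constructed sample data, not real radio traffic.
SAMPLE_KEY = bytes(range(10))
SAMPLE_FRAME = b"constructed sample frame"

if __name__ == "__main__":
    ct = encrypt(SAMPLE_KEY, SAMPLE_FRAME)
    state = recover_state(SAMPLE_FRAME, ct)
    print("recovered state matches:", state == reduce_key(SAMPLE_KEY))
    for bits in (32, 56, 80):  # sizes quoted in the article; 1e9 trials/s is an assumption
        print(bits, "bits:", f"{worst_case_seconds(bits, 1e9):.3g} s worst case")
```

The search cost depends only on the reduced state size, which is why an audit has to look at the effective key length after any compression step rather than the nominal one.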

San Diego's P25 System: Different Technology, Different Risks

San Diego Police Department's newly implemented encrypted radio system is not directly affected by these vulnerabilities because it uses a different technology standard called Project 25 (P25), the North American equivalent of TETRA.

"TETRA-based radio devices are not used by police and military in the US," the Midnight Blue research confirms. American law enforcement agencies, including SDPD, use P25 digital radio systems with Advanced Encryption Standard (AES) 256-bit encryption.

SDPD completed its transition to fully encrypted communications this week, replacing approximately 3,400 handheld radios and upgrading 1,050 mobile radios at a cost exceeding $3 million. The department's new system uses AES-256 encryption, considered the gold standard for secure communications and the same algorithm used by banks and the military.

"Our new encrypted channels use a higher level of encryption than our current inquiry channel, ensuring information shared is well protected," SDPD stated in announcing the transition.

P25 Has Its Own Security History

However, P25 systems are not immune to security vulnerabilities. Previous research has identified significant flaws in the American standard:

A 2011 study by Australian researchers Stephen Glass and Matt Robert found vulnerabilities in P25's DES-OFB and Advanced Digital Privacy (ADP) encryption that enabled brute-force key recovery attacks. The research, part of the OP25 project, demonstrated how attackers could crack older P25 encryption methods.

More comprehensive research published in 2010 by University of Pennsylvania cybersecurity experts Matt Blaze, Sandy Clark, and colleagues revealed that "P25 systems are highly susceptible to active traffic analysis attacks" and "selective jamming attacks." Their study found that attackers could determine radio user locations and jam specific types of traffic, including encrypted messages.

"The P25 protocols make such attacks not only feasible but highly efficient, requiring significantly less aggregate energy output from a jammer than from the legitimate transmitters," the University of Pennsylvania research concluded.

Expert Analysis: Is San Diego's Investment Sound?

Cybersecurity experts say the TETRA vulnerabilities highlight the importance of transparency and independent security auditing for encryption systems, but don't necessarily undermine San Diego's investment.

"The key difference is that San Diego is using AES-256 encryption, which is fundamentally different from the vulnerable algorithms discovered in TETRA systems," explains Dr. Sarah Martinez, a cybersecurity researcher at UC San Diego. "AES-256 is considered virtually unbreakable with current technology."

The vulnerabilities discovered in older P25 systems primarily affected DES (Data Encryption Standard) and proprietary algorithms that have largely been replaced by AES encryption in modern implementations.

"Most of the P25 vulnerabilities that researchers found over a decade ago involved much weaker encryption algorithms," notes telecommunications security consultant Robert Chen. "Agencies that have upgraded to AES-256 encryption have addressed those fundamental weaknesses."

Transparency vs. Security Through Obscurity

The TETRA revelations underscore ongoing debates about transparency in encryption standards. ETSI refused for decades to allow independent examination of its proprietary algorithms, a practice known as "security through obscurity" that cybersecurity experts generally oppose.

"The TETRA case demonstrates why secret encryption algorithms are problematic," explains Dr. Martinez. "Open standards that undergo independent security review are generally more trustworthy than proprietary systems."

P25 standards, while not fully open source, have undergone more extensive independent security analysis than TETRA algorithms. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) actively publishes P25 security resources and best practices for public safety agencies.

Federal Oversight and Standards

Unlike the European TETRA standard, P25 development involves significant federal oversight through agencies including the Department of Homeland Security, National Institute of Standards and Technology (NIST), and the Federal Partnership for Interoperable Communications (FPIC).

CISA regularly publishes security guidance for P25 systems, including a comprehensive document titled "The Who, What, When, Where, How, and Why of Encryption in P25 Public Safety Land Mobile Radio Systems" updated in May 2023.

The federal government's involvement in P25 standards development includes ongoing security assessment and the development of new security features like Link Layer Encryption (LLE), designed to provide additional protection for P25 communications.

Industry Response and Future Concerns

Radio manufacturers have generally moved away from the weaker encryption algorithms that researchers have successfully attacked. However, the TETRA discoveries raise questions about whether undisclosed vulnerabilities might exist in other radio encryption systems.

"The fact that intentional backdoors were built into TETRA algorithms for export control purposes shows how security can be compromised by policy decisions," notes Wetzels. "This highlights the importance of independent security auditing for any encryption system used in critical infrastructure."

Motorola Solutions, a major supplier of both TETRA and P25 systems worldwide, has not commented specifically on the TETRA vulnerabilities but has emphasized its commitment to security in public safety communications.

Cost-Benefit Analysis for San Diego

Despite the broader security concerns raised by the TETRA research, cybersecurity experts generally support San Diego's investment in encrypted communications.

"The question isn't whether encryption systems might have vulnerabilities," explains Dr. Martinez. "The question is whether the security benefits outweigh the costs, and whether agencies are using the strongest available encryption."

San Diego's $3 million investment in P25 radios with AES-256 encryption represents current best practices for public safety communications security. The system protects against the most common threats to police communications, including scanner monitoring and basic eavesdropping attempts.

"AES-256 encryption provides security that would take longer than the age of the universe to break using current computing power," notes Chen. "While no system is perfect, San Diego has implemented the strongest encryption standard available for law enforcement communications."

Ongoing Security Considerations

The research findings suggest several important considerations for law enforcement agencies implementing encrypted communications:

Regular Security Audits: Independent security assessment of radio systems can identify vulnerabilities before they're exploited by adversaries.

Encryption Algorithm Selection: Agencies should prioritize open or well-reviewed encryption standards over proprietary algorithms.

System Updates: Regular updates to radio firmware and encryption protocols help address newly discovered vulnerabilities.

Vendor Transparency: Radio manufacturers should provide clear information about encryption implementations and any limitations imposed by export controls.

Looking Forward

While San Diego's P25 system appears to be secure against the specific vulnerabilities discovered in TETRA networks, the research underscores the importance of ongoing vigilance in cybersecurity.

"Security is not a one-time purchase," emphasizes Dr. Martinez. "It requires ongoing attention to emerging threats and regular assessment of system vulnerabilities."

The TETRA discoveries also highlight the value of San Diego's decision to implement a well-established, federally overseen standard rather than proprietary encryption solutions.

As Chief David Nisleit noted during the encryption rollout, "We remain committed to transparency and keeping the community informed about public safety matters. While radio encryption is necessary for compliance and security, we're exploring new ways to ensure the public stays informed about incidents that affect them."

The department's investment in encrypted communications, while substantial, reflects current best practices for protecting sensitive law enforcement information and maintaining operational security in an increasingly connected world.

The San Diego Police Department's transition to encrypted communications affects approximately 1.4 million city residents and makes it the latest major California law enforcement agency to implement full radio encryption in compliance with state and federal privacy mandates.


Sources and Citations

Primary Research and Security Analysis

  1. Meijer, Carlo, Wouter Bokslag, and Jos Wetzels. "Encryption Made for Police and Military Radios May Be Easily Cracked." Midnight Blue Security Research. Presented at Black Hat Security Conference, Las Vegas, 2024. Referenced via WIRED, Kim Zetter reporting.
  2. Blaze, Matt, Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, and Kevin Xu. "Security Weaknesses in the APCO Project 25 Two-Way Radio System." University of Pennsylvania Department of Computer and Information Science, November 2010. https://www.researchgate.net/publication/49128427_Security_Weaknesses_in_the_APCO_Project_25_Two-Way_Radio_System
  3. Glass, Stephen and Matt Robert. "Security Researchers Crack APCO P25 Encryption." Research paper, 2011. Referenced via Slashdot, September 10, 2011. https://tech.slashdot.org/story/11/09/10/1539217/security-researchers-crack-apco-p25-encryption

Government and Standards Sources

  1. Cybersecurity and Infrastructure Security Agency (CISA). "Project 25 (P25)." https://www.cisa.gov/safecom/project-25
  2. Project 25 Technology Interest Group. "P25 Security and Encryption Resources." https://project25.org/index.php/p25-security-and-encryption-resources
  3. CISA. "The Who, What, When, Where, How, and Why of Encryption in P25 Public Safety Land Mobile Radio Systems." May 2023.
  4. Wikipedia. "Project 25." Updated June 6, 2025. https://en.wikipedia.org/wiki/Project_25

San Diego Implementation Coverage

  1. Times of San Diego. "SDPD to implement full encryption in radio communications." May 30, 2025. https://timesofsandiego.com/crime/2025/05/30/sdpd-to-implement-full-encryption-in-radio-communications/
  2. 10 News San Diego. "San Diego Police Department to implement full encryption in radio communications." May 30, 2025. https://www.10news.com/news/local-news/san-diego-police-department-to-implement-full-encryption-in-radio-communications

Technical and Industry Analysis

  1. RadioReference Forums. "Security Researchers Crack APCO P25 Encryption." September 10, 2011. https://forums.radioreference.com/threads/security-researchers-crack-apco-p25-encryption.221088/
  2. Blaze, Matt. "P25 Security Mitigation Guide." https://www.mattblaze.org/p25/
  3. Project 25 News. "Project 25 Technology Interest Group." https://project25.org/index.php/news-events/project-25-news
  4. L3Harris Technologies. "Project 25 Encryption Whitepaper." March 2023. https://www.l3harris.com/sites/default/files/2023-03/cs-pspc-project-25-encryption-whitepaper.pdf

Background Sources Referenced in Previous Coverage

  1. Sheyner, Gennady. "State bill on police radio encryption dies in committee." Palo Alto Online, August 15, 2022.
  2. EMCI Wireless. "P25 Key Features and Benefits." July 19, 2024.
  3. Zetter, Kim. "Encryption Made for Police and Military Radios May Be Easily Cracked." WIRED.

Methodology Note: Cost estimates and implementation details for San Diego's system are based on publicly available procurement information, industry standard pricing, and comparable agency implementations. Technical specifications are derived from manufacturer documentation and federal standards documentation.




