The WHY, the How, the What. An assessment of TETRA End-to-end (WHY2025) episode artwork

EPISODE · Aug 11, 2025 · 48 MIN

The WHY, the How, the What. An assessment of TETRA End-to-end (WHY2025)

from Chaos Computer Club - recent events feed · host Wouter Bokslag, Carlo Meijer

TETRA is a European standard for trunked radio used globally by police, military and civilian parties alike. In the past, we already published the hitherto secret inner workings of TETRA and on several of its severe security issues. We're now back to discuss the last crucial part of TETRA security - its optional (and costly) end-to-end encryption, reserved for the most sensitive use cases. We'll discuss in detail how we obtained and analyzed those elusive algorithms, and what we found. TETRA is a European standard for trunked radio used globally by police and military operators. Additionally, TETRA is widely deployed in industrial environments such as harbors and airports, as well as critical infrastructure such as SCADA telecontrol of pipelines, transportation and electric and water utilities. In previous research, we published [TETRA:BURST](https://www.midnightblue.nl/tetraburst), revealing vulnerabilities in the TETRA air interface encryption, and publishing the secret cryptographic primitives for public scrutiny. We now present all-new material, assessing the optional and often expensive end-to-end encryption, which adds an additional layer of encryption on top of the air interface encryption, a layer that can only be decrypted by the traffic's recipient, and not by the infrastructure. These solutions enjoy significant end-user trust and are intended for the most sensitive of use cases. While the ETSI standard on TETRA does facilitate integration of some E2EE solution, the solutions themselves are vendor-proprietary, and proved quite hard to obtain. The opaque nature of this solution and TETRA's history of offering significantly less security than advertised (including backdoored ciphers) is worrying enough, but given our previous TETRA:BURST research, E2EE is frequently mentioned as a potential mitigation. In order to shed light on its suitability, we decided to undertake the effort of reverse-engineering a TETRA E2EE solution. We'll discuss how we investigated the E2EE landscape, and how we (after being scammed on a Motorola device) managed to extract an implementation from a popular Sepura radio. We'll then discuss the E2EE design (that we have published on GitHub) along with a security analysis, identifying several severe shortcomings ranging from the ability to inject voice traffic into E2EE channels and replay SDS (short text) messages to an intentionally weakened E2EE variant, which reduces its 128-bit key to only 56 bits. In addition, we will discuss new findings related to multi-algorithm networks and official patches, relevant for asset owners mitigating the TETRA:BURST vulnerabilities previously uncovered by us. Finally, we will demonstrate the E2EE voice injection attack as well as the previously theoretical TETRA packet injection attack on SCADA networks. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/WSM3XV/

TETRA is a European standard for trunked radio used globally by police, military and civilian parties alike. In the past, we already published the hitherto secret inner workings of TETRA and on several of its severe security issues. We're now back to discuss the last crucial part of TETRA security - its optional (and costly) end-to-end encryption, reserved for the most sensitive use cases. We'll discuss in detail how we obtained and analyzed those elusive algorithms, and what we found. TETRA is a European standard for trunked radio used globally by police and military operators. Additionally, TETRA is widely deployed in industrial environments such as harbors and airports, as well as critical infrastructure such as SCADA telecontrol of pipelines, transportation and electric and water utilities. In previous research, we published [TETRA:BURST](https://www.midnightblue.nl/tetraburst), revealing vulnerabilities in the TETRA air interface encryption, and publishing the secret cryptographic primitives for public scrutiny. We now present all-new material, assessing the optional and often expensive end-to-end encryption, which adds an additional layer of encryption on top of the air interface encryption, a layer that can only be decrypted by the traffic's recipient, and not by the infrastructure. These solutions enjoy significant end-user trust and are intended for the most sensitive of use cases. While the ETSI standard on TETRA does facilitate integration of some E2EE solution, the solutions themselves are vendor-proprietary, and proved quite hard to obtain. The opaque nature of this solution and TETRA's history of offering significantly less security than advertised (including backdoored ciphers) is worrying enough, but given our previous TETRA:BURST research, E2EE is frequently mentioned as a potential mitigation. In order to shed light on its suitability, we decided to undertake the effort of reverse-engineering a TETRA E2EE solution. We'll discuss how we investigated the E2EE landscape, and how we (after being scammed on a Motorola device) managed to extract an implementation from a popular Sepura radio. We'll then discuss the E2EE design (that we have published on GitHub) along with a security analysis, identifying several severe shortcomings ranging from the ability to inject voice traffic into E2EE channels and replay SDS (short text) messages to an intentionally weakened E2EE variant, which reduces its 128-bit key to only 56 bits. In addition, we will discuss new findings related to multi-algorithm networks and official patches, relevant for asset owners mitigating the TETRA:BURST vulnerabilities previously uncovered by us. Finally, we will demonstrate the E2EE voice injection attack as well as the previously theoretical TETRA packet injection attack on SCADA networks. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/WSM3XV/

NOW PLAYING

The WHY, the How, the What. An assessment of TETRA End-to-end (WHY2025)

0:00 48:20

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

LIGHTS, CAMERA, SMILE! Creatives Club Media Lights, Camera, Smile, is a podcast for anyone with a dream to share something with the world, out of the overflow of themselves - be it their mind, their heart, their personalities, and much more. Each of us are alive in this moment in time, with an innate ability to have ideas and create various things to benefit both ourselves and the people around us for a reason, and here, you will find the encouragement, the inspiration, and the motivation to do just that. Hosted by Cicily, founder of Creatives Club, she dives into various topics surrounding creativity and business. Exploring entrepreneurship for creatives in a corporate reality, sharing tips and tricks in a media centered company, answering questions regarding what a creative actually is are just a few of the things discussed on this podcast. Be encouraged to create for yourself as Cicily gets vulnerable by pivoting the camera to herself for the first time.To submit questions for Cicily to answer, or have her address certain t The PFN Cincinnati Bengals Podcast Pro Football Network The PFN Cincinnati Bengals Podcast is where you can stay up-to-date with the latest news and analysis on the Cincinnati Bengals! Our hosts, industry experts Jay Morrison and Dallas Robinson, provide weekly coverage of all the latest rumors and updates about the Bengals. Don’t forget to follow the show to receive new episodes directly in your podcast feed and leave a rating and review to let us know your thoughts. Piramidi Club The Bitcoin Butcher La Migliore Pizza di Firenze IT IS WHAT IT IS with SHALLZ - SHALLY ZOMORODI Shally Zomorodi What?  "It is what it is" with ShallZ – Shally ZomorodiWhen? WeeklyHow long? 35 minutesEvery week, Mother of 4, wife, morning TV news anchor and ultimate hostess, Shally Zomorodi talks about life - its up's and downs and how to stay on track in her weekly podcast, ‘It is what it is.’  Known for her high energy, infectious smile and ability to see the cup as half full Shally talks about all things in life and how to work through its challenges. From parenting, marriage, friendships, current events to how to smile when it just seems impossible ‘It is what it is’ is the perfect podcast to help inspire you to dance through the rain.

Frequently Asked Questions

How long is this episode of Chaos Computer Club - recent events feed?

This episode is 48 minutes long.

When was this Chaos Computer Club - recent events feed episode published?

This episode was published on August 11, 2025.

What is this episode about?

TETRA is a European standard for trunked radio used globally by police, military and civilian parties alike. In the past, we already published the hitherto secret inner workings of TETRA and on several of its severe security issues. We're now back...

Can I download this Chaos Computer Club - recent events feed episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!