
Photo: MSB
Serious security flaws in radio systems
Radio communication systems used for important communication are not sufficiently protected against modern digital threats. This is revealed in a new study from the University of Skövde and the Swedish Defence University.
The study, which was recently published in the scientific journal Information and Computer Security, points out shortcomings in the security of the TETRA radio communication standard, which is used by, among others, emergency services, public transport and industries.
Security is weaker than it seems
“Our results show that many believe that these systems are safe because the technology is advanced. But important security controls, such as modern encryption and secure logins, are often missing” says Marcus Nohlberg, associate professor of information technology at the University of Skövde.
When encryption is used, it is often flawed, which is partly due to the fact that the technology has previously been unavailable for vetting by researchers and security experts.
“Unlike ordinary IT systems, which are constantly updated against new threats, these radio systems are built to last for decades. They change very slowly, which means that vulnerabilities can remain for many years without being addressed” says Marcus Dansarie, PhD student at the Department for Systems Science for Defence and Security at the Swedish Defence University.
Lack of expertise in radio communications
Another problem is that very few people in Sweden have deep technical knowledge about the technology. This creates a situation where the whole of society relies on a few experts and companies to ensure the function and protection of vital communication networks.
“Radio systems are often invisible to the public, but they are central to many socially important activities. They are therefore kind of a hidden but critical part of our digital infrastructure” says Marcus Nohlberg.
The researchers emphasize that these systems are in practice IT systems, but are not treated as such. Security procedures and principles for radio systems are often lacking, compared to normal standards in cybersecurity.
“This means that both users and decision-makers may believe that the systems are secure, even when they are in fact very vulnerable. At the same time, the threats are becoming more sophisticated every year.” says Marcus Dansarie.
Time for national discussion
The researchers are now calling for a broad discussion about who is responsible for security in radio systems, how they should be updated and what requirements should be.
“Communication is one of the most fundamental functions of our society. If we do not protect the radio systems as carefully as other digital infrastructure, we take major security risks” says Marcus Nohlberg.
About the study
The study is based on interviews with representatives from eleven Swedish organizations that use or own TETRA radio systems. These organizations make up about a third of the users in the country.
What is TETRA?
Radio communication means that sound, data or other information is sent wirelessly using radio waves. The technology is used in everything from everyday broadcasts to military communication. The TETRA radio communication standard is intended for organizations that need real-time radio communication for coordination of operations. The most well-known application in Sweden is Rakel, a state-owned national communication system for collaboration between, for example, the police, rescue services and other important actors.

Marcus Nohlberg, Associate Professor at the University of Skövde. Photo: Rebecka Thor
Publication
Marcus Dansarie & Marcus Nohlberg (2025): User adoption of TETRA mobile radio communication networks: an information security perspective, Information and Computer Security
Page information
- Published:
- 2025-06-19
- Last updated:
- 2025-06-25