Cryptographers : Satellite phones vulnerable to eavesdropping
Researchers at a German university claim to have cracked the algorithm that secures satellite phone transmissions. They have broken the encryption of the two main standards used to protect calls from satellite phones, giving them the ability to intercept conversations that are meant to be private. The attacks on the GMR-1 and GMR-2 standards are thought to be the first such work against the satellite phone ciphers.
After reverse engineering phones that use the GMR-1 and GMR-2 standards, the team discovered serious cryptographic weaknesses that allow attackers using a modest PC running open-source software to recover protected communications in less than an hour.
The Ministry of Defence has said a satellite phone crack of the A5-GMR-1 and A5-GMR-2 encryption algorithms crack by researchers will not affect UK military use of satellite phones. "All military users of mobile satellite communication systems are aware of the potential threats to such systems and are briefed explicitly that they are only authorised to pass unclassified information (both voice and data) over these systems," an MoD spokeswoman said in an email statement. "Protected information is never sent over an unclassified system, unless it is being employed in conjunction with an accredited secure device."
The findings, laid out in a paper (PDF) to be presented at the IEEE Symposium on Security and Privacy 2012, are the latest to poke holes in proprietary encryption algorithms. Their report is titled "Don't Trust Satellite Phones" and shows how someone with a "suitably programmed computer" and software radio capable of receiving satellite frequencies can hack calls. These include ones made by disaster relief agencies and the military.
MI5 and the Secret Intelligence Service (SIS) declined to comment on use of satellite phones by the intelligence services. "We have shown that we can decrypt communications secured according to the GMR-1 standard," said the researchers. "As a proof-of-concept, we have intercepted our own downlink (i.e. data sent from the satellite) speech data in the Thuraya network."
Following their work, the researchers recommend that users think twice before using satellite phones for private conversations."Our results show that the use of satellite phones harbours dangers and the current encryption algorithms are not sufficient", said Ralf Hund, the Chair for System Security at the Ruhr University Bochum.
