Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in "real time" -- that too in mere fractions of a second in some cases.
The new attack method has been discovered by two Chinese security researchers and is based on previous research by German academicians in 2012, showing that the phone's encryption can be cracked so quickly that attackers can listen in on calls in real time.
The research, disclosed in a paper published last week by the security researchers in the International Association for Cryptologic Research, focused on the GMR-2 encryption algorithm that is commonly being used in most modern satellite phones, including British satellite telecom Inmarsat, to encrypt voice calls in order to prevent eavesdropping.
Unlike previous 2012 research by German researchers who tried to recover the encryption key with the help of 'plaintext' attacks, the Chinese researchers attempted to "reverse the encryption procedure to deduce the encryption-key from the output keystream directly."
The attack method requires hitting a 3.3GHz satellite stream thousands of times with an inversion attack, which eventually produces the 64-bit encryption key and makes it easier to hunt for the decryption key, allowing attackers to decrypt communications and listen in to a conversation.
The new findings spark concerns surrounding the security of satellite phones, which are mostly used by field officers in war zones that protect our land, air, and water, as well as people in remote area precisely because of no other alternatives.
Such attacks could pose a significant threat to satellite phone users' privacy.
The new attack method has been discovered by two Chinese security researchers and is based on previous research by German academicians in 2012, showing that the phone's encryption can be cracked so quickly that attackers can listen in on calls in real time.
The research, disclosed in a paper published last week by the security researchers in the International Association for Cryptologic Research, focused on the GMR-2 encryption algorithm that is commonly being used in most modern satellite phones, including British satellite telecom Inmarsat, to encrypt voice calls in order to prevent eavesdropping.
Unlike previous 2012 research by German researchers who tried to recover the encryption key with the help of 'plaintext' attacks, the Chinese researchers attempted to "reverse the encryption procedure to deduce the encryption-key from the output keystream directly."
The attack method requires hitting a 3.3GHz satellite stream thousands of times with an inversion attack, which eventually produces the 64-bit encryption key and makes it easier to hunt for the decryption key, allowing attackers to decrypt communications and listen in to a conversation.
"This indicates that the inversion attack is very efficient and practical which could lead to a real time crack on the GMR-2 cipher," the research paper reads. "The experimental results on a 3.3GHz platform demonstrate that the 64-bit encryption-key can be completely retrieved in around 0.02s."According to the duo, the attack can eventually crack the satellite phone call encryption in a fraction of a second when carried out successfully, allowing the attacker to break into the communications in real time for live eavesdropping.
The new findings spark concerns surrounding the security of satellite phones, which are mostly used by field officers in war zones that protect our land, air, and water, as well as people in remote area precisely because of no other alternatives.
Such attacks could pose a significant threat to satellite phone users' privacy.
"Given that the confidentiality is a very crucial aspect in satellite communications, the encryption algorithms in the satellite phones should be strong enough to withstand various eavesdropping risks," researchers said.
"This again demonstrates that there exists serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication," researchers concluded.The research was carried out by Jiao Hu, Ruilin Li and Chaojing Tang of National University of Defense Technology, Changsha, China. For more details, you can head on to their research paper [PDF], titled "A Real-time Inversion Attack on the GMR-2 Cipher Used in the Satellite Phones."