Security researchers break satellite phone encryption

Full details will be revealed in a new report due to be published on the university website in the next 24 hours: ‘Don’t trust satellite phones.’ Meanwhile, the researchers gave Infosecurity sight of the report’s abstract.

“We de­scri­be the de­tails of the re­co­very of the two al­go­rith­ms from fre­e­ly avail­able DSP-firm­ware up­dates for sat­pho­nes, which in­clu­ded the de­ve­lop­ment of a cust­om di­sas­sem­bler and tools to ana­ly­ze the code,” it says. “Per­haps so­mew­hat sur­pri­sin­gly, we found that the GMR-1 ci­pher can be con­s­i­de­red a pro­prie­ta­ry va­ri­ant of the GSM A5/2 al­go­rithm, whe­re­as the GMR-2 ci­pher is an en­t­i­re­ly new de­sign... A major fin­ding of our work is that the stream ciph­ers of the two exis­ting sa­tel­li­te phone sys­tems are con­s­i­der­a­b­ly wea­ker than what is sta­te-of- the-art in sym­me­tric cryp­to­gra­phy.”

A report in the Telegraph says that “Mr Driessen told The Telegraph that the equipment and software needed to intercept and decrypt satellite phone calls from hundreds of thousands of users would cost as little as $2,000. His demonstration system takes up to half an hour to decipher a call, but a more powerful computer would allow eavesdropping in real time.”

Bjoern Rupp, CEO at GSMK Cryptophone, warns that “This breakthrough has major implications for the military, civilians engaged on overseas operations, or indeed anyone using satellite phones to make sensitive calls in turbulent areas.” Since the broken ciphers are used by many geostationary satellite networks, each one covering vast geographical areas, it would be “easily possible to listen to a huge number of confidential satellite calls from your continent with only modest technical effort.”

The effect, he adds, “could pose a considerable threat to the armed forces and civilians alike,” and highlights “the need for strong end-to-end encryption.” 

It is also a wake-up call for ETSI, the organization that sets the telecommunications standards that it is time to stop obfuscating and start updating its satellite encryption.

What’s Hot on Infosecurity Magazine?