Satellite phone encryption hacked under one hour

For science, of course.

A group of researchers from the Horst Görtz Institute for IT-Security (HGI) at the Ruhr University Bochum (RUB) were commissioned by the European Telecommunications Standards Institute (ETSI) to crack the encryption algorithms of Satellite Telecoms.

The researchers used readily available hardware and open source software to crack the A5-GMR-1 encryption within 1 hour. All they used were two satellite phones, Thuraya SO-2510 and Inmarsat IsatPhone PRO that use the GMR-1 and GMR-2 algorithms for encryption. First they reconstructed the encryption algorithm from the firmware of each phone. They then created an antenna that was connected to a  USRP (programmable radio hardware) hooked up to a PC. The computer in turn was using GNURadio and OsmocomGMR to capture and decode the data.

Using this they created an attack on their call using their two satellite phones, to break the encryption algorithm. Admittedly they haven’t been able to eavesdrop on voice calls yet as the decoding of speech-codec requires manual workarounds. But SMS and Fax doesn’t require such codec, and work directly on the GMR-1 algorithms. “We were surprised by the total lack of protection measures, which would have complicated our work drastically,” said Carsten Willems of the Chair for System Security (Prof. Holz) at the RUB.

Esentially the researchers set out to prove that even one of the most “secure” forms of telecommunication isn’t actually safe. “Our results show that the use of satellite phones harbours dangers and the current encryption algorithms are not sufficient,” emphasized Ralf Hund of the Chair for System Security at the RUB. Currently there are now safeguards against the decoding of this encryption, and with more effort, it’s entirely possible to actually listen in on conversations.

The end result of the research: “Since users cannot rely on their security against interception, similar to the security of standard cell phones, they will have to wait for the development of new technologies and standards, or make use of other means of communication for confidential calls.”

facebook google+ twitter Image Map
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s