Researchers crack satellite encryption

Researchers at a university in Bochum, Germany claim to have cracked encryption algorithms of the European Telecommunications Standards Institute (ETSI) that are used to secure certain civilian satellite phone communications.

More news: Hacking stunt: stealing smartphone crypto keys using plain old radio

The Ruhr University Bochum's (RUB) Horst Görtz Institute for IT-security today issued an announcement detailing how researchers there have broken encryption algorithms known as A5-GMR-1 and A5-GMR-2 that are used to secure civilian communications between mobile phones and satellites based on the GMR-1 and GMR-2 satphone standards. The researchers explained that in some regions of the world standard cell phone communication is still not available, so "in war zones, developing countries and on the high seas, satellite phones are used instead."

The group of RUB scientists there said they simply used generally-available phone equipment and found the crypto key and managed to break it fairly easily by analyzing the software running on the satphones, in this case the Thuraya SO-2510 and inmarsat IsatPhone PRO.

"We have performed mathematical analysis and discovered serious weaknesses, which is documented here," the researchers note in their announcement. The RUB researchers include Benedikt Driessen, Ralf Hund, Carsten Willems, Christof Paar, and Thorsten Holz.

According to the university's announcement about their research, they used open-source software, a special antenna and a PC as part of the research to capture and demodulate speech data, and then processed the captured data through an implementation of an attack they'd conceived to break the crypto.

They did point out that in terms of real-world attacks, there were limits to their experiments. Although they say they can decrypt communications secured according to the GMR-1 standard, there were still some barriers that prevented a full disclosure of a voice conversation. Based on an experiment with the Thuraya network, which makes use of GMR-1, the researcher say they weren't able to reproduce the voice conversation in their own downlink because the speech-codec for GMR-1 is "currently unknown, we were not able to actually reproduce the conversation that took place."

The researchers said they had informed authorities well in advance of their announcement today. "Our results show that the use of satellite phones harbors dangers and the current encryption algorithms are not sufficient," said Ralf Hund, chair of system security at RUB. The researchers indicated, "There is, as yet, no alternative to the current standards."

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

More about IDGLANThuraya

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts