German Research Team: Satellite Phones Easy to Hack
At a university in Germany, a team of researchers claim that they have been able to crack the algorithm that allows for transmissions to be sent and received securely to and from satellite phones. There are two main standards that are used to protect and encrypt these calls from hackers, but the researchers in Germany have managed to decode them, which will allow them to intercept private phone conversations through phones. The attacks on the two standards, called GMR-1 and GMR-2, are thought by many to be the first in a series of attacks against satellite phone ciphers.
But don’t worry, the research team means no harm. The purpose of their hacking was to test the security standards and encryption used to protect satellite phone conversations. There won’t be any German scientists listening in on your satellite phone conversations, you can rest assured. The team was able to hack the phones by reverse engineering the ones that use GMR-1 and GMR-2 standards; upon the successful reverse engineering, the team found several cryptographic flaws and weaknesses. These weaknesses would allow a hacker to easily hack into a satellite phone without much issue; no advanced software or technical expertise required, any “average” hacker could easily gain access to a satellite phone and listen to all conversations held therein.
According to The Ministry of Defense, a hacking of the encryption standards of satellite phones using A5-GMR-1 and A5-GMR-2 encryption algorithms will not affect the usage of satellite phones by UK military. “All military users of mobile satellite communication systems are aware of the potential threats to such systems and are briefed explicitly that they are only authorized to pass unclassified information (both voice and data) over these systems,” an MoD spokeswoman said in an email statement. “Protected information is never sent over an unclassified system, unless it is being employed in conjunction with an accredited secure device.”
The findings of the German research team will be fully explained in greater detail in a paper to be presented at the IEEE Symposium on Security and Privacy 2012. The ability to hack these phones so easily is only the latest in a series of flaws found in proprietary encryption algorithms. The title of their report is simply “Don’t Trust Satellite Phones” and demonstrates how someone with a “suitably programmed computer” and software radio capable of receiving satellite frequencies can hack calls. These include ones made by disaster relief agencies and the military.
MI5 and the Secret Intelligence Service declined to comment on use of satellite phones by the intelligence services. “We have shown that we can decrypt communications secured according to the GMR-1 standard,” said the researchers. “As a proof-of-concept, we have intercepted our own downlink (i.e. data sent from the satellite) speech data in the Thuraya network.”
Following their work, the researchers recommend that users think twice before using satellite phones for private conversations.“Our results show that the use of satellite phones harbors dangers and the current encryption algorithms are not sufficient”, said Ralf Hund, the Chair for System Security at the Ruhr University Bochum.