Satelite phones long a standby of activists, human rights and aid workers stationed in hostile environments including China, Burma, and Cambodia have been regarded as a secure means of communication but two researchers in Germany using basic technology took less than an hour to decrypt the European protocol for satelite phones.
The news is disturbing for those working in sensitive areas and particularly people whom rely on them to get news reports out of areas under heavy censorship or as a last resort in case of abduction or serious physical danger.
In a paper bluntly called “Don’t Trust Satellite Phones,” researchers Benedikt Driessen and Ralf Hund say they reverse-engineered the encryption algorithms used by the European Telecommunications Standards Institute.
Ezine Ars Technica which covers technology issues says the satellite telephones, had until now been considered secure from eavesdropping. They are not, say two researchers who cracked the security used in some sat phone systems.
MSNBC’s Technolog quoted German-based Horst Görtz Institute for IT-Security at Ruhr University Bochum as reporting that “in less than an hour, and with simple equipment, they found the crypto key which is needed to intercept telephone conversations,”
”Using open-source software and building on their previous research results, they were able to exploit the security weaknesses.”
In their report, the researchers said they used commercially available equipment and “randomly selected two widely used satellite phones” that use the GMR-1 and GMR-2 standards.
A “simple firmware update (to the phones) was then loaded from the provider’s website for each phone and the encryption mechanism reconstructed,” the institute said. “Based on the analysis, the encryption of the GMR-1 standard demonstrated similarities to the one used in GSM, the most common mobile phone system.”
To verify the results, the researchers recorded their own sat phone conversations, and “developed a new attack based on the analysis.”
“We were surprised by the total lack of protection measures,” said Carsten Willems of Ruhr University Bochum.
“Our results show that the use of satellite phones harbors dangers and the current encryption algorithms are not sufficient,” said Hund.
The researchers say they want satellite phone users to know that they can’t rely on “security against interception, similar to the security of standard cellphones,” and that security-conscious users “will have to wait for the development of new technologies and standards, or make use of other means of communication for confidential calls.”
The researchers’ work will be presented in May at the IEEE Symposium on Security & Privacy. But they aren’t waiting that long to share their findings with those who need to know. They say they also “contacted and informed authorities well in advance” of the study’s public release.