Scientists break satellite telephony security standards

Feb 08, 2012

Satellite telephony was thought to be secure against eavesdropping. German researchers at the Horst Gortz Institute for IT-Security (HGI) at the Ruhr University Bochum (RUB) have cracked the encryption algorithms of the European Telecommunications Standards Institute (ETSI), which is used globally for satellite telephones, and revealed significant weaknesses. In less than an hour, and with simple equipment, they found the crypto key which is needed to intercept telephone conversations. Using open-source software and building on their previous research results, they were able to exploit the security weaknesses.

In some regions of the world standard cell is still not available. In war zones, developing countries and on the high seas, satellite phones are used instead. Here, the telephone is connected via radio directly to a satellite. This passes the incoming call to a station on the ground. From there, the call is fed into the public telephone network. So far this method, with the ETSI's encryption algorithms A5-GMR-1 and A5-GMR-2, was considered secure.

For their project, the interdisciplinary group of researchers from the areas of Embedded and System Security used commercially available equipment, and randomly selected two widely used satellite phones. A simple was then loaded from the provider's website for each phone and the encryption mechanism reconstructed. Based on the analysis, the encryption of the GMR-1 standard demonstrated similarities to the one used in GSM, the most common mobile phone system. "Since the GSM cipher had already been cracked, we were able to adopt the method and use it for our attack", explained Benedikt Driessen, of the Chair for Embedded Security at the RUB. To verify the results in practice, the research group recorded their own satellite and developed a new attack based on the analysis. "We were surprised by the total lack of protection measures, which would have complicated our work drastically", said Carsten Willems of the Chair for System Security at the RUB.

Encryption algorithms are implemented to protect the privacy of the user. "Our results show that the use of satellite phones harbours dangers and the current encryption algorithms are not sufficient", emphasized Ralf Hund of the Chair for System Security at the RUB. There is, as yet, no alternative to the current standards. Since users cannot rely on their security against interception, similar to the security of standard cell phones, they will have to wait for the development of new technologies and standards, or make use of other means of communication for confidential calls.

Explore further: UT Dallas professor to develop framework to protect computers' cores

More information: Details of the HGI results are available online at: gmr.crypto.rub.de

Provided by Ruhr-University Bochum

5 /5 (3 votes)

Related Stories

German researchers break W3C XML encryption standard

Oct 19, 2011

Standards are supposed to guarantee security, especially in the WWW. The World Wide Web Consortium (W3C) is the main force behind standards like HTML, XML, and XML Encryption. But implementing a W3C standard does not mean ...

Guide to breaking cell phone security revealed

Dec 30, 2009

(AP) -- A German security expert has raised the ire of the cell phone industry after he and a group of researchers posted online a how-to guide for cracking the encryption that keeps the calls of GSM-standard cell phone users ...

GSM phones -- call them unsafe, says security expert

Dec 27, 2011

(PhysOrg.com) -- A German security expert has issued a warning that billions of mobile phone users who depend on GSM networks are vulnerable to having their personal mail hacked. He blames the problem on network ...

GSM system about to be compromised

Dec 08, 2009

(PhysOrg.com) -- Research scientists in California and elsewhere are deliberately setting out to compromise the mobile phone system used by around three billion people. The system uses Global System for Mobile ...

Recommended for you

User comments : 0

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...

Filipino tests negative for Middle East virus

A Filipino nurse who tested positive for the Middle East virus has been found free of infection in a subsequent examination after he returned home, Philippine health officials said Saturday.

Egypt archaeologists find ancient writer's tomb

Egypt's minister of antiquities says a team of Spanish archaeologists has discovered two tombs in the southern part of the country, one of them belonging to a writer and containing a trove of artifacts including reed pens ...