Researchers at a university in Bochum, Germany claim to have cracked encryption algorithms of the European Telecommunications Standards Institute (ETSI) that are used to secure certain civilian satellite phone communications.
The Ruhr University Bochum’s (RUB) Horst Görtz Institute for IT-security issued an announcement detailing how researchers there have broken encryption algorithms known as A5-GMR-1 and A5-GMR-2 that are used to secure civilian communications between mobile phones and satellites based on the GMR-1 and GMR-2 satphone standards. The researchers explained that in some regions of the world standard cell phone communication is still not available, so “in war zones, developing countries and on the high seas, satellite phones are used instead.”
The group of RUB scientists there said they simply used generally-available phone equipment and found the crypto key and managed to break it fairly easily by analyzing the software running on the satphones, in this case the Thuraya SO-2510 and inmarsat IsatPhone PRO.
“We have performed mathematical analysis and discovered serious weaknesses, which is documented here,” the researchers note in their announcement. The RUB researchers include Benedikt Driessen, Ralf Hund, Carsten Willems, Christof Paar, and Thorsten Holz.
According to the university’s announcement about their research, they used open-source software, a special antenna and a PC as part of the research to capture and demodulate speech data, and then processed the captured data through an implementation of an attack they’d conceived to break the crypto.
They did point out that in terms of real-world attacks, there were limits to their experiments. Although they say they can decrypt communications secured according to the GMR-1 standard, there were still some barriers that prevented a full disclosure of a voice conversation. Based on an experiment with the Thuraya network, which makes use of GMR-1, the researcher say they weren’t able to reproduce the voice conversation in their own downlink because the speech-codec for GMR-1 is “currently unknown, we were not able to actually reproduce the conversation that took place.”
The researchers said they had informed authorities well in advance of their announcement today. “Our results show that the use of satellite phones harbors dangers and the current encryption algorithms are not sufficient,” said Ralf Hund, chair of system security at RUB. The researchers indicated, “There is, as yet, no alternative to the current standards.”