A group of researchers from the Horst Görtz Institute for IT-Security (HGI) at the Ruhr University Bochum (RUB) were commissioned by the European Telecommunications Standards Institute (ETSI) to crack the encryption algorithms of Satellite Telecoms.
The researchers used readily available hardware and open source software to crack the A5-GMR-1 encryption within 1 hour. All they used were two satellite phones, Thuraya SO-2510 and Inmarsat IsatPhone PRO that use the GMR-1 and GMR-2 algorithms for encryption. First they reconstructed the encryption algorithm from the firmware of each phone. They then created an antenna that was connected to a USRP (programmable radio hardware) hooked up to a PC. The computer in turn was using GNURadio and OsmocomGMR to capture and decode the data.
Using this they created an attack on their call using their two satellite phones, to break the encryption algorithm. Admittedly they haven’t been able to eavesdrop on voice calls yet as the decoding of speech-codec requires manual workarounds. But SMS and Fax doesn’t require such codec, and work directly on the GMR-1 algorithms. “We were surprised by the total lack of protection measures, which would have complicated our work drastically,” said Carsten Willems of the Chair for System Security (Prof. Holz) at the RUB.
Esentially the researchers set out to prove that even one of the most “secure” forms of telecommunication isn’t actually safe. “Our results show that the use of satellite phones harbours dangers and the current encryption algorithms are not sufficient,” emphasized Ralf Hund of the Chair for System Security at the RUB. Currently there are now safeguards against the decoding of this encryption, and with more effort, it’s entirely possible to actually listen in on conversations.
The end result of the research: “Since users cannot rely on their security against interception, similar to the security of standard cell phones, they will have to wait for the development of new technologies and standards, or make use of other means of communication for confidential calls.”