Satellite Phone Encryption Cracked 54
New submitter The Mister Purple writes "A team of German researchers appears to have cracked the GMR-1 and GMR-2 encryption algorithms used by many (though not all) satellite phones. Anyone fancy putting a cluster together for a listening party? 'Mr. Driessen told The Telegraph that the equipment and software needed to intercept and decrypt satellite phone calls from hundreds of thousands of users would cost as little as $2,000. His demonstration system takes up to half an hour to decipher a call, but a more powerful computer would allow eavesdropping in real time, he said.'"
Re:Is sensible encryption really that hard? (Score:5, Informative)
The problem wasn't really the key exchange (which is also problematic as it uses the A3 authentication technique similar to SIM), but the actual cipher itself was weak.
As an example, you could use DHKE to exchange keys, but if you cipher is E(data) = ROT13(data^key), you have a problem.
Of course they didn't use that poor a cipher, but the cipher they did use was running in software on a dsp, so it had to be simple, so for GMR-1, they chose to XOR the data with a jittered LFSR (similar to GSM encryption). The techniques used to break GSM encryption apparently work great for GMR as well. I don't yet know many details about GMR-2, but it appears to have different weaknesses than GMR-1 (something related to being based on 8-bit math and incomplete key-data mixing).
However, yet they could have done better, but they probably just wanted something that could run on a low-power DSP that already existed on the phone.
Doesn't Matter (Score:5, Informative)
The original Motorola Iridium satellite phone has a NSA high-encryption pack available for it that fits in the back - this model with the DOD pack or a a more modern Iridium phone with another type of sleeve that I've never seen myself, is how secure communication is done over the Iridium network.
Not exactly (Score:3, Informative)
As sat spectrum is severely limited, GMR transmits nearly no frames with (unused) fixed plain text.
So deciphering it using known plaintext is more difficult than for GSM.
So Yeah, it took them one month since that :
http://events.ccc.de/congress/2011/Fahrplan/events/4688.en.html [events.ccc.de]
video :
http://28c3.mirror.speedpartner.de/CCC/28C3/mp4-h264-LQ/28c3-4688-en-introducing_osmo_gmr_h264-iprod.mp4 [speedpartner.de]
http://28c3.mirror.speedpartner.de/CCC/28C3/mp4-h264-LQ/28c3-4688-en-introducing_osmo_gmr_h264-iprod.mp4.torrent [speedpartner.de]