Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption IT

Satellite Phone Encryption Cracked 54

New submitter The Mister Purple writes "A team of German researchers appears to have cracked the GMR-1 and GMR-2 encryption algorithms used by many (though not all) satellite phones. Anyone fancy putting a cluster together for a listening party? 'Mr. Driessen told The Telegraph that the equipment and software needed to intercept and decrypt satellite phone calls from hundreds of thousands of users would cost as little as $2,000. His demonstration system takes up to half an hour to decipher a call, but a more powerful computer would allow eavesdropping in real time, he said.'"
This discussion has been archived. No new comments can be posted.

Satellite Phone Encryption Cracked

Comments Filter:
  • by houstonbofh ( 602064 ) on Friday February 03, 2012 @06:45PM (#38922273)
    Now that the secret is out, just buy a used one off eBay from the NSA.
  • sony's psn botnet (Score:1, Insightful)

    by crutchy ( 1949900 )
    so they strung a few playstations together... PSN is really just a huge botnet that Sony uses to crack encryption of all sorts. How do you think they're going to sue (save) people that use SSH or VPN from illegally downloading pirated copies of "Not Another Teen Movie"?
    • PSN is really just a huge botnet that Sony uses to crack encryption of all sorts.

      Sony manufactured every device connected to PSN. They don't need a botnet as they have the proven manufacturing capability to build the hardware necessary.

  • by munozdj ( 1787326 ) on Friday February 03, 2012 @06:53PM (#38922345)
    These guys have once again proven that security through obscurity is not a sensible strategy. If the codes were published in due time, the flaw could have been found with enough time to allow for preventive measures to be deployed. (I know there are a lot of inferences in the sentence, but it seems plausible to me, taking into account what has happened with other algorithms (DES, anyone?))
    • by saleenS281 ( 859657 ) on Friday February 03, 2012 @07:08PM (#38922521) Homepage
      You're assuming they want it truly secure. Reality is governments around the world want backdoors.
    • by t4ng* ( 1092951 )
      Since GMR is GSM adapted for satellite communications, I'm guessing that the fall of GMR was inevitable since GSM has been cracked.
    • by slew ( 2918 ) on Friday February 03, 2012 @08:21PM (#38923159)

      (...taking into account what has happened with other algorithms (DES, anyone?))

      Not sure you really have a good example there. Apparently, the NSA helped IBM select the S-box for DES and didn't give any explaination for this. Contemporary cryptographers (e.g, Diffie and Hellman) were up-in-arms that the NSA was trying to put a backdoor into DES and questioned the secrecy of the development of the process. Little did they know that the NSA was just collaborating with IBM to avoid a potential weakness in the random S-boxes to be more robust against differential analysis attacks.

      Certainly as a general rule security through obscurity is not a great general strategy, however, DES probably isn't a good example to illustrate this since at the time, the NSA knew much more about breaking encryption than contemporary public cryptographers.

      To me, it's like you're a CPA/EA and letting your know-it-all teenager check over your tax return. Maybe they'd find some mistake or deduction that you didn't find, or maybe they will figure out how much money you make and want a raise in their allowance. It's a tradeoff for sure. But it isn't like taking your return to H&R Block and asking them to check it over. Maybe it's more like the H&R Block situation now, but with DES back in the 70's, it was sorta more like the teenager situation.

      • by AHuxley ( 892839 )
        Re : "IBM to avoid a potential weakness in the random S-boxes"
        http://cryptome.org/nsa-v-all.htm [cryptome.org] "For this reason IBM developed Lucifer* with a key 128 bits long. But before it submitted the cipher to the NBS, it mysteriously broke off more than half the key."
        "As a result of closed-door negotiations with officials of the NSA, IBM agreed to reduce the size of its key from 128 bits to 56 bits. The company also agreed to classify certain details about their selection of the eight S-boxes for the cipher." *Luc
  • I'm sure this violates some wiretapping laws - but how are "they" going to find out? No matter: the equipment and means to crack these calls will be outlawed, because only outlaws will have them.

  • Just record all the transmitted data and you can decrypt in half an hour. The cluster will just let you listen sooner but it's unnecessary.

    (i am assuming it doesn't do frequency hopping since it's working in a narrow satellite band).

  • by mark-t ( 151149 ) <markt.nerdflat@com> on Friday February 03, 2012 @07:26PM (#38922709) Journal

    Is it really so hard to use an encrypted key exchange, such as DHKE, to establish a completely private connection on something that you are broadcasting, and do not know who might be listening in?

    Such key exchanges practically scream "USE ME" for situations like encrypting anything being transmitted over the air, such as cell phone usage.

    Of course, it also means that the police wouldn't be able to listen in either without setting up a fake cell phone tower to be a MitM, at least not until somebody develops an other efficient algorithm to solve the discrete log problem, or unless they had a quantum computer on the job that is more powerful than any ever yet built,

    • by mcrbids ( 148650 )

      Of course, it also means that the police wouldn't be able to listen in either without setting up a fake cell phone tower to be a MitM

      I don't get it. Somehow, you seem to have missed that one of the main points of a key exchange is to protect you from a MITM attack? See: Certificates, how do they work? [tldp.org] You even said: "to establish a completely private connection on something that you are broadcasting, and do not know who might be listening in?"...

      Well, if they could do a MITM, wouldn't they be listening in?

      (cough)

      • by mark-t ( 151149 )
        You can't readily be an MitM for OTA broadcasts though, unless relays are involved, and you can guarantee to be able to fake one of the relays.
      • by mark-t ( 151149 )
        Oh, also, the purpose of a key exchange is *NOT* to protect you from an MitM. The purpose of a key exchange is to protect you from eavesdropping, since with a key exchange no unencrypted data *EVER* appears on the wire or in the broadcast. With an MitM, that wouldn't matter, since an MitM could intercept the communication and pretend to abide by the key exchange protocol for both sides, using the opportunity to actually acquire the encryption sequence that is to be used for the remainder of the transmiss
        • by emj ( 15659 )

          Basically
          * key exchange -> you need to be a man in the middle for every call.
          * public key/private key -> you just need to listen to the traffic, and decrypt it with keys acquire before or after listening.

          • I don't know what point you think you're making here.

            In the digital age, being a MitM for [i]every[/i] conversation of interest is very easy - if you can do it once, you can do it pretty much ad nauseum. The whole point of encryption is the fundamental recognition that modern communications let's just about anybody listen in, at any time, without too much trouble.

    • by slew ( 2918 ) on Friday February 03, 2012 @08:41PM (#38923301)

      The problem wasn't really the key exchange (which is also problematic as it uses the A3 authentication technique similar to SIM), but the actual cipher itself was weak.

      As an example, you could use DHKE to exchange keys, but if you cipher is E(data) = ROT13(data^key), you have a problem.

      Of course they didn't use that poor a cipher, but the cipher they did use was running in software on a dsp, so it had to be simple, so for GMR-1, they chose to XOR the data with a jittered LFSR (similar to GSM encryption). The techniques used to break GSM encryption apparently work great for GMR as well. I don't yet know many details about GMR-2, but it appears to have different weaknesses than GMR-1 (something related to being based on 8-bit math and incomplete key-data mixing).

      However, yet they could have done better, but they probably just wanted something that could run on a low-power DSP that already existed on the phone.

      • by mark-t ( 151149 )
        More probable is that they would use an RSA-based key exchange, which cannot ever be solved in polynomial time (because you never see either party's key in the transmission)
      • by tlhIngan ( 30335 )

        Of course they didn't use that poor a cipher, but the cipher they did use was running in software on a dsp, so it had to be simple, so for GMR-1, they chose to XOR the data with a jittered LFSR (similar to GSM encryption). The techniques used to break GSM encryption apparently work great for GMR as well. I don't yet know many details about GMR-2, but it appears to have different weaknesses than GMR-1 (something related to being based on 8-bit math and incomplete key-data mixing).

        Well, here are the problems.

  • Doesn't Matter (Score:5, Informative)

    by zulux ( 112259 ) on Friday February 03, 2012 @10:21PM (#38923897) Homepage Journal

    The original Motorola Iridium satellite phone has a NSA high-encryption pack available for it that fits in the back - this model with the DOD pack or a a more modern Iridium phone with another type of sleeve that I've never seen myself, is how secure communication is done over the Iridium network.

  • The encryption is a trade-off between performance and security. And you don't want too much lag caused by the encryption so that means it has to be relatively simple.

    And what this does is to allow the average person to eavesdrop on satellite calls in his/her area. It's something that at least some governments already have done for years. Or what do you think that Echelon [wikipedia.org] has been doing all these years?

  • What about setting up a project to do offer live listening to sat phone feeds at ohm2013.org?

One person's error is another person's data.

Working...