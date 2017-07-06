New Attack Can Now Decrypt Satellite Phone Calls in 'Real Time' (zdnet.com) 16
Chinese researchers have discovered a way to rapidly decrypt satellite phone communications -- within a fraction of a second in some cases. From a report on ZDNet: The paper, published this week, expands on previous research by German academics in 2012 by rapidly speeding up the attack and showing that the encryption used in popular Inmarsat satellite phones can be cracked in "real time." Satellite phones are used by those in desolate environments, including high altitudes and at sea, where traditional cell service isn't available. Modern satellite phones encrypt voice traffic to prevent eavesdropping. It's that modern GMR-2 algorithm that was the focus of the research, given that it's used in most satellite phones today. The researchers tried "to reverse the encryption procedure to deduce the encryption-key from the output keystream directly," rather than using the German researchers' method of recovering an encryption key using a known-plaintext attack. Using their proposed inversion attack thousands of time on a 3.3GHz satellite stream, the researchers were able to reduce the search space for the 64-bit encryption key, effectively making the decryption key easier to find. The end result was that encrypted data could be cracked in a fraction of a second.
Some variant of Diffie-Helman key exchange would probably do quite nicely... MitM attacks are typically considered the biggest weakness of DHKE, but with wireless communication, there's no opportunity for a man in the middle attack.
It may involve a firmware update, but it still seems doable.
Of course, if somebody installs some malicious software on the satellite, then snooping via MitM attack becomes possible that way.... Ideally, the people that run the satellite have secured it against such intrusi
I seriously doubt doing updates to the phones is a problem at all, I'll bet they push updates all the time. Satellites are routinely updated and I'm guessing is not a serious problem.
What really will be the problem is the common encryption problem of key distribution... Unless you can hide the keys from disclosure, your goose is cooked...
Why would you need to update the satellite? Typically, a satellite just relays traffic between a ground station and a particular device. It shouldn't need to understand the traffic, so all the encryption should be handled by the ground station on the other end of the satellite hop.
Not really.
I'm sure the satellites are constantly being updated for one reason or another. If your $20 tablet gets firmware updates, you can be sure a multi-million-dollar satellite used for worldwide communication does too. Just of a higher quality.
Phones might be trickier, but not because of firmware, because they may just not have the oomph to encrypt things betters in real-time.
To be honest, anyone using them and expecting a real sense of security (because, after all, the satellite company and any num
In other words, not new... (Score:5, Interesting)
If this is what Chinese academics are publishing now, I wonder how long this has been possible in less-publicized circles.
Everybody knows that certain governments buy up crypto expertise as soon as the ink on the PhD dries. Or sooner, in some cases.
