Researchers have uncovered a new attack method that can make encryption used in satellite communications unsecure.
A new attack method has reportedly been uncovered by Chinese researchers that allows satellite phone calls to be decrypted in “real time”, in some cases, within just a fraction of a second.
The new attack method is based on previous research by German academicians in 2012 and shows how the encryption used in satellite phones can be undone.
The research focused on the GMR-2 algorithm that is commonly used by modern-day satellite phones, including Inmarsat, to encrypt voice calls in an attempt to prevent eavesdropping.
Rather than building on the German researchers’ tactic of recovering the encryption key via a ‘plaintext’ attack, the Chinese researchers attempted to “reverse the encryption procedure to deduce the encryption-key from the output keystream directly”.
The attack method helped researchers effectively reduce the search space for the 64-bit encryption key, which in turn made it easier to hunt for the decryption key, resulting in the encrypted data to be cracked within a fraction of a second.
“This again demonstrates that there exists serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules2 of the system in order to provide confidential communication,” researchers said in their paper, which was published earlier in the week.
ZDNet reported that a spokesperson for Inmarsat said that the firm “immediately took action to address the potential security issue and this was fully addressed” back in 2012.
“We are entirely confident that the issue… has been completely resolved and that our satellite phones are secure,” the spokesperson added.
“They seem to have optimized the 2012 attack so that it’s much faster and requires only about a dozen bytes of ‘known plaintext’,” said Matthew Green, a cryptography teacher at Johns Hopkins University
Green added that the attack was “fast enough to allow key recovery (and decryption) in real time if one could get the known plaintext.”
“From a scientific perspective, it’s a big advance,” Green said, adding that “from a practical perspective, it’s unclear. So maybe don’t trust satellite phone encryption. But I would have said the same thing in 2012.”