
Satellite Phone Encryption Cracked

Soulskill posted more than 2 years ago | from the our-fictional-military-characters-are-in-trouble dept.

Encryption 54

New submitter The Mister Purple writes "A team of German researchers appears to have cracked the GMR-1 and GMR-2 encryption algorithms used by many (though not all) satellite phones. Anyone fancy putting a cluster together for a listening party? 'Mr. Driessen told The Telegraph that the equipment and software needed to intercept and decrypt satellite phone calls from hundreds of thousands of users would cost as little as $2,000. His demonstration system takes up to half an hour to decipher a call, but a more powerful computer would allow eavesdropping in real time, he said.'"


54 comments


Gay. (-1)

Anonymous Coward | more than 2 years ago | (#38922243)

n/t

Now that the secret is out... (2)

houstonbofh (602064) | more than 2 years ago | (#38922273)

Now that the secret is out, just buy a used one off eBay from the NSA.

Re:Now that the secret is out... (0)

Anonymous Coward | more than 2 years ago | (#38922471)

I'd bet the NSA already knew about it, and uses different/additional ciphers for their sat comms.

sony's psn botnet (1, Insightful)

crutchy (1949900) | more than 2 years ago | (#38922337)

so they strung a few playstations together... PSN is really just a huge botnet that Sony uses to crack encryption of all sorts. How do you think they're going to sue (save) people that use SSH or VPN from illegally downloading pirated copies of "Not Another Teen Movie"?

Re:sony's psn botnet (0)

Anonymous Coward | more than 2 years ago | (#38922807)

Yeah, 'cause downloading bad movies is more fun with 9,6kbps over iRIDIUM....

Re:sony's psn botnet (3, Funny)

BiggerIsBetter (682164) | more than 2 years ago | (#38922821)

Yeah, 'cause downloading bad movies is more fun with 9,6kbps over iRIDIUM....

It would probably be cheaper to make the movie than download it over iRIDIUM...

Re:sony's psn botnet (1)

crutchy (1949900) | more than 2 years ago | (#38923025)

they probably paid the actors with red cordial for that movie

Re:sony's psn botnet (1)

Dynedain (141758) | more than 2 years ago | (#38923117)

PSN is really just a huge botnet that Sony uses to crack encryption of all sorts.

Sony manufactured every device connected to PSN. They don't need a botnet as they have the proven manufacturing capability to build the hardware necessary.

Re:sony's psn botnet (0)

Anonymous Coward | more than 2 years ago | (#38923135)

But then they'd have to both eat the cost of production, and the cost of energy to run the units.

Re:sony's psn botnet (2)

crutchy (1949900) | more than 2 years ago | (#38923163)

PSN is like SETI@HOME, except that rather than volunteering for a worthy cause, you pay for a corporation to take advantage of you

Security through obscurity (5, Insightful)

munozdj (1787326) | more than 2 years ago | (#38922345)

These guys have once again proven that security through obscurity is not a sensible strategy. If the codes were published in due time, the flaw could have been found with enough time to allow for preventive measures to be deployed. (I know there are a lot of inferences in the sentence, but it seems plausible to me, taking into account what has happened with other algorithms (DES, anyone?))

Re:Security through obscurity (4, Insightful)

saleenS281 (859657) | more than 2 years ago | (#38922521)

You're assuming they want it truly secure. Reality is governments around the world want backdoors.

Re:Security through obscurity (1)

Anonymous Coward | more than 2 years ago | (#38922847)

You're assuming they want it truly secure. Reality is governments around the world want backdoors.

It also depends when the protocols were designed.

Today compute is cheap, and so more complex encryption algorithms are generally a no-brainer. However, if you go back just a few years, running complex algorithms would have sucked power (i.e., battery) at an unacceptable rate. The engineering trade off was between security and power (and perhaps throw in bulk as well, depending on the chip sizes in the pre-SoC days).

If one had a clean sheet design now, you'd probably go with AES and DH/RSA/elliptical curve, with SHA-2 for integrity. If a government wants to tap the phone they're able to quite easily do that via the wiretap infrastructure in place at landlines thanks to CALEA and other similar laws.

Re:Security through obscurity (4, Insightful)

hairyfeet (841228) | more than 2 years ago | (#38924837)

While i'm sure that is true to a point, everyone seems to forget just how fricking fast we jumped on computing power. When i first started toying with computers in the early 80s we measured memory in bytes and the multimillion dollar supercomputers had less computing power than that $8 calculator at Fred's. In just 30 years we went from computers measured in single digit MHz cost nearly as much as a car to being able to build a DIY PC for $1000 that could run every single major OS of the last 20 years at the same time. Hell just look at the beginning of this century, where we had just broken the GHz barrier and having 512Mb of RAM meant you had some cash to blow. Who would have thought then that just 12 years later we'd be looking at machines with dozens of CPUs and huge pools of RAM and hundreds of specialized graphical cores we could run our own code on?

The sat phone system IIRC was designed in the mid 80s and put up in the early 90s correct? i can see them simply not seeing the huge leaps that we would make nor would the tech of the time have been able to process crypto hard enough not to be at risk from these modern monsters. If we keep leaping ahead with regards to computing power as we have been these past 15 years I don't even want to think about how big and complex an encryption system you'll need to protect yourself from what the average geek will have sitting on his desk in 2030.

Re:Security through obscurity (1)

sudonim2 (2073156) | more than 2 years ago | (#38936577)

Iridium sats operate @200MHz [wikipedia.org] . My, nearly obsolete, cell phone is 2.5x as powerful as an Iridium satellite. That's why microsatellites are the future. They're cheap enough to send dozens up at once, which allows you to update the network more easily.

Re:Security through obscurity (1)

hairyfeet (841228) | more than 2 years ago | (#38937327)

Geez I've honestly thrown away computers 5 times that powerful because they were so wimpy i couldn't think of anything to do with them. i don't think the future is the microsat simply because smaller equals easier broken and with all the space junk we got whizzing around up there something the size of a pebble at that speed could fuck your microsat all to hell and add yet more debris.

No I think the answer will be that space tug idea we saw the other day and then doing like we would here on earth and simply changing out the guts. That way you could have the high powered antenna while still having an easily upgraded system. if the space tug gets built i could easily envision the ISS becoming a space garage, with the tug pulling all kinds of commercial and scientific sats in for repairs and upgrades. In the end this would probably be cheaper than the microsats simply because of all the replacements you'd have to do, both to failures and to damage. this way you could build some really powerful sats with simple "plug and play" style insides that could be swapped out with new chips and new capabilities. And on the plus side this would also allow us to get huge amounts of time out of sats that are simply too expensive to easily toss like Hubble. A win/win IMHO.

Re:Security through obscurity (0)

Anonymous Coward | more than 2 years ago | (#38930453)

The thing is, cell phone and satellite phone encryption is not end to end - it's just from the phone to the ground station on the other end of the satellite. Governments can use the same lawful intercept laws at that point in the network as they do on terrestrial networks.

While encryption is important for the over the air portion to protect against snoopers, governments have access to the unencrypted signal when it hits the ground. So it doesn't much matter to them how strong the encryption is.

Re:Security through obscurity (1)

t4ng* (1092951) | more than 2 years ago | (#38923007)

Since GMR is GSM adapted for satellite communications, I'm guessing that the fall of GMR was inevitable since GSM has been cracked.

Re:Security through obscurity (0)

Anonymous Coward | more than 2 years ago | (#38924525)

This.

I dunno why all you arm-chair cryptographers and web-dev computer "scientists" are harping on this story. GMR is just a GSM variant. Nothing really cryptographically fascinating to see here, just an awesome proof of concept based on the 2008/2009 GSM research.

Re:Security through obscurity (0)

Anonymous Coward | more than 2 years ago | (#38926123)

95% of slashdot readers' technical knowledge stops at being able to compile EMACS from source. That's why whenever any actually technical article pops up the comments section is full of misinformation, assorted anti-government paranoia, and 15 year old memes (LOL NETCRAFT CONFIRMED IT).

Not exactly (3, Informative)

stooo (2202012) | more than 2 years ago | (#38925047)

As sat spectrum is severely limited, GMR transmits nearly no frames with (unused) fixed plain text.
So deciphering it using known plaintext is more difficult than for GSM.

So Yeah, it took them one month since that :
http://events.ccc.de/congress/2011/Fahrplan/events/4688.en.html [events.ccc.de]

video :
http://28c3.mirror.speedpartner.de/CCC/28C3/mp4-h264-LQ/28c3-4688-en-introducing_osmo_gmr_h264-iprod.mp4 [speedpartner.de]
http://28c3.mirror.speedpartner.de/CCC/28C3/mp4-h264-LQ/28c3-4688-en-introducing_osmo_gmr_h264-iprod.mp4.torrent [speedpartner.de]

Re:Security through obscurity (4, Interesting)

slew (2918) | more than 2 years ago | (#38923159)

(...taking into account what has happened with other algorithms (DES, anyone?))

Not sure you really have a good example there. Apparently, the NSA helped IBM select the S-box for DES and didn't give any explanation for this. Contemporary cryptographers (e.g., Diffie and Hellman) were up-in-arms that the NSA was trying to put a backdoor into DES and questioned the secrecy of the development of the process. Little did they know that the NSA was just collaborating with IBM to avoid a potential weakness in the random S-boxes to be more robust against differential analysis attacks.

Certainly as a general rule security through obscurity is not a great general strategy, however, DES probably isn't a good example to illustrate this since at the time, the NSA knew much more about breaking encryption than contemporary public cryptographers.

To me, it's like you're a CPA/EA and letting your know-it-all teenager check over your tax return. Maybe they'd find some mistake or deduction that you didn't find, or maybe they will figure out how much money you make and want a raise in their allowance. It's a tradeoff for sure. But it isn't like taking your return to H&R Block and asking them to check it over. Maybe it's more like the H&R Block situation now, but with DES back in the 70's, it was sorta more like the teenager situation.

Re:Security through obscurity (2)

AHuxley (892839) | more than 2 years ago | (#38924331)

Re : "IBM to avoid a potential weakness in the random S-boxes"
http://cryptome.org/nsa-v-all.htm [cryptome.org] "For this reason IBM developed Lucifer* with a key 128 bits long. But before it submitted the cipher to the NBS, it mysteriously broke off more than half the key."
"As a result of closed-door negotiations with officials of the NSA, IBM agreed to reduce the size of its key from 128 bits to 56 bits. The company also agreed to classify certain details about their selection of the eight S-boxes for the cipher." *Lucifer was first sold as a cash-dispensing system.

Wiretapping (1)

evil_aaronm (671521) | more than 2 years ago | (#38922419)

I'm sure this violates some wiretapping laws - but how are "they" going to find out? No matter: the equipment and means to crack these calls will be outlawed, because only outlaws will have them.

Re:Wiretapping (1)

webmistressrachel (903577) | more than 2 years ago | (#38922731)

So next they will outlaw satellite dishes and computer clusters? How is Joe Sixpack going to watch Fox 'news' now?

Forget the cluster (1)

SpazmodeusG (1334705) | more than 2 years ago | (#38922443)

Just record all the transmitted data and you can decrypt in half an hour. The cluster will just let you listen sooner but it's unnecessary.

(i am assuming it doesn't do frequency hopping since it's working in a narrow satellite band).

Hitler did deciphered it. (-1)

Anonymous Coward | more than 2 years ago | (#38922537)

Hitler did deciphered it, now. Not?

Redundant stupidisms in written English (0, Insightful)

Anonymous Coward | more than 2 years ago | (#38922687)

I'm so sick of reading gibberish like this:

"many (though not all)".

Is there a variety of "many" that doesn't mean "not all"?

Re:Redundant stupidisms in written English (1, Offtopic)

Abreu (173023) | more than 2 years ago | (#38922981)

It is almost, but not entirely unlike proper grammar.

Re:Redundant stupidisms in written English (1, Insightful)

somersault (912633) | more than 2 years ago | (#38923045)

Is there a variety of "many" that doesn't mean "not all"?

Yes. It's called "many". It means "a large number". You could say for example "Many humans live in the Solar system", even though none have ever lived outside of it.

Re:Redundant stupidisms in written English (0)

Grishnakh (216268) | more than 2 years ago | (#38923737)

Not that you know of, anyway.

Re:Redundant stupidisms in written English (0)

Anonymous Coward | more than 2 years ago | (#38926273)

Actually, we do. Any lifeforms that developed outside of our solar system would not be the same species, by definition. So yeah, all humans live here.

Re:Redundant stupidisms in written English (1)

gottspeed (2060872) | more than 2 years ago | (#38926635)

The genome landed on earth from somewhere else originally so it's not a bad assumption that there are humans elsewhere too. Perhaps slightly different ones but humans nonetheless.

Re:Redundant stupidisms in written English (1)

somersault (912633) | more than 2 years ago | (#38929815)

Does this mean you classify every other form of life on Earth as "human" too? WTF.

And why do you talk as if Panspermia has been proven?

Re:Redundant stupidisms in written English (1)

Grishnakh (216268) | more than 2 years ago | (#38928539)

You don't know that. For all we know, some more-developed race, seeing the Native Americans were going to be wiped out by European settlers, grabbed a bunch of them and planted them on another planet to develop on their own and live in peace, and they're still out there.
http://en.memory-alpha.org/wiki/The_Paradise_Syndrome_(episode) [memory-alpha.org]

Obviously not very likely, but nevertheless, always a possibility. So it is possible, however ridiculously remote, that there's humans, developed on Earth, who are living outside the solar system.

Re:Redundant stupidisms in written English (0)

tsotha (720379) | more than 2 years ago | (#38924173)

I always translate that as "there's a number involved here, but we have no idea what it could be".

Is sensible encryption really that hard? (5, Insightful)

mark-t (151149) | more than 2 years ago | (#38922709)

Is it really so hard to use an encrypted key exchange, such as DHKE, to establish a completely private connection on something that you are broadcasting, and do not know who might be listening in?

Such key exchanges practically scream "USE ME" for situations like encrypting anything being transmitted over the air, such as cell phone usage.

Of course, it also means that the police wouldn't be able to listen in either without setting up a fake cell phone tower to be a MitM, at least not until somebody develops another efficient algorithm to solve the discrete log problem, or unless they had a quantum computer on the job that is more powerful than any ever yet built.

Re:Is sensible encryption really that hard? (1)

mcrbids (148650) | more than 2 years ago | (#38923299)

Of course, it also means that the police wouldn't be able to listen in either without setting up a fake cell phone tower to be a MitM

I don't get it. Somehow, you seem to have missed that one of the main points of a key exchange is to protect you from a MITM attack? See: Certificates, how do they work? [tldp.org] You even said: "to establish a completely private connection on something that you are broadcasting, and do not know who might be listening in?"...

Well, if they could do a MITM, wouldn't they be listening in?

(cough)

EVERY PHONES ARE EVIL, ZIONIC. (0)

Anonymous Coward | more than 2 years ago | (#38923373)

I never had bought a phone, jokely (i did abandon it due to its useless).

Problem solved, period.

JCPM: don't let to your child to buy a phonezionic. Why were the govt's laws forcing you to reveal your personal data from your phone? It's the trap.

Re:Is sensible encryption really that hard? (2)

mark-t (151149) | more than 2 years ago | (#38924007)

You can't readily be an MitM for OTA broadcasts though, unless relays are involved, and you can guarantee to be able to fake one of the relays.

Re:Is sensible encryption really that hard? (2)

mark-t (151149) | more than 2 years ago | (#38924739)

Oh, also, the purpose of a key exchange is *NOT* to protect you from an MitM. The purpose of a key exchange is to protect you from eavesdropping, since with a key exchange no unencrypted data *EVER* appears on the wire or in the broadcast. With an MitM, that wouldn't matter, since an MitM could intercept the communication and pretend to abide by the key exchange protocol for both sides, using the opportunity to actually acquire the encryption sequence that is to be used for the remainder of the transmission. You can't do that if you're only eavesdropping, because you're not actually sending any counterfeit data into the system.

Re:Is sensible encryption really that hard? (1)

emj (15659) | more than 2 years ago | (#38925269)

Basically
* key exchange -> you need to be a man in the middle for every call.
* public key/private key -> you just need to listen to the traffic, and decrypt it with keys acquired before or after listening.

Re:Is sensible encryption really that hard? (1)

Electricity Likes Me (1098643) | more than 2 years ago | (#38925679)

I don't know what point you think you're making here.

In the digital age, being a MitM for [i]every[/i] conversation of interest is very easy - if you can do it once, you can do it pretty much ad nauseam. The whole point of encryption is the fundamental recognition that modern communications lets just about anybody listen in, at any time, without too much trouble.

Re:Is sensible encryption really that hard? (1)

mark-t (151149) | more than 2 years ago | (#38926973)

How do you be a MitM on a radio transmission?
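
The disagreement in this thread (mark-t vs. mcrbids and emj) comes down to what an unauthenticated key exchange does and does not protect against. The following is an added example, not code from the original thread or from any satphone system: a toy Diffie-Hellman exchange over a deliberately small group (constructed parameters, not a real-world group), run three ways. A passive eavesdropper who sees both public values does not get the session key; an active MitM who substitutes her own public values ends up with both session keys; and once each side authenticates the peer's public value with a long-term key (an HMAC here, standing in for the certificate signatures a real protocol would use), the substitution is detected. The party and scenario names are illustrative.

```python
import hashlib
import hmac
import secrets

# Toy group (constructed for the demo): a real deployment uses a vetted group
# such as an RFC 3526 MODP group or an elliptic curve, never a 127-bit prime.
P = 2**127 - 1   # Mersenne prime M127
G = 3


def derive_key(shared_secret: int) -> bytes:
    """Turn the DH shared secret into a fixed-length session key."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


class Party:
    """One endpoint of the exchange. auth_key=None means plain, unauthenticated DH."""

    def __init__(self, name, auth_key=None):
        self.name = name
        self.auth_key = auth_key                 # long-term key shared with the genuine peer
        self.priv = secrets.randbelow(P - 2) + 1 # ephemeral private exponent, never sent
        self.pub = pow(G, self.priv, P)          # public value, sent over the air

    def tag(self, value: int) -> bytes:
        """Authenticate a public value; empty when the party has no long-term key."""
        if self.auth_key is None:
            return b""
        return hmac.new(self.auth_key, value.to_bytes(16, "big"), "sha256").digest()

    def finish(self, peer_pub: int, peer_tag: bytes) -> bytes:
        """Verify the peer's value (if authenticating) and derive the session key."""
        if self.auth_key is not None:
            expected = hmac.new(self.auth_key, peer_pub.to_bytes(16, "big"), "sha256").digest()
            if not hmac.compare_digest(expected, peer_tag):
                raise ValueError(f"{self.name}: peer public value failed authentication")
        return derive_key(pow(peer_pub, self.priv, P))


def passive_eavesdrop():
    """Eve records g^a and g^b. Returns (keys agree, Eve's best guess matches)."""
    alice, bob = Party("alice"), Party("bob")
    k_alice = alice.finish(bob.pub, b"")
    k_bob = bob.finish(alice.pub, b"")
    # Without a private exponent, combining the two public values is not g^ab.
    eve_guess = derive_key(alice.pub * bob.pub % P)
    return k_alice == k_bob, eve_guess == k_alice


def active_mitm(auth_key=None):
    """Mallory replaces each side's public value with her own.

    Returns ("compromised", True) when she ends up holding both session keys,
    or ("detected", None) when the authentication check rejects her value.
    """
    alice, bob = Party("alice", auth_key), Party("bob", auth_key)
    mallory = Party("mallory")            # no long-term key, so she cannot forge tags
    try:
        k_alice = alice.finish(mallory.pub, mallory.tag(mallory.pub))
        k_bob = bob.finish(mallory.pub, mallory.tag(mallory.pub))
    except ValueError:
        return "detected", None
    # Mallory completes a separate DH with each victim and knows both keys.
    k_m_alice = derive_key(pow(alice.pub, mallory.priv, P))
    k_m_bob = derive_key(pow(bob.pub, mallory.priv, P))
    return "compromised", (k_alice == k_m_alice and k_bob == k_m_bob)


if __name__ == "__main__":
    print("passive eavesdropper:", passive_eavesdrop())
    print("MitM, unauthenticated DH:", active_mitm())
    print("MitM, authenticated DH:", active_mitm(b"constructed long-term key"))
```

The HMAC with a pre-shared long-term key is the simplest thing that makes the point; a deployed protocol would sign the ephemeral values with a long-term key pair and bind the signature to both parties' values and the session. Note also that authentication only helps the endpoint that does the checking: in the thread's satphone scenario, the ground station end of the link is still a place where the operator holds the plaintext regardless of how the air interface is keyed.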

Re:Is sensible encryption really that hard? (4, Informative)

slew (2918) | more than 2 years ago | (#38923301)

The problem wasn't really the key exchange (which is also problematic as it uses the A3 authentication technique similar to SIM), but the actual cipher itself was weak.

As an example, you could use DHKE to exchange keys, but if your cipher is E(data) = ROT13(data^key), you have a problem.

Of course they didn't use that poor a cipher, but the cipher they did use was running in software on a dsp, so it had to be simple, so for GMR-1, they chose to XOR the data with a jittered LFSR (similar to GSM encryption). The techniques used to break GSM encryption apparently work great for GMR as well. I don't yet know many details about GMR-2, but it appears to have different weaknesses than GMR-1 (something related to being based on 8-bit math and incomplete key-data mixing).

However, they could have done better, but they probably just wanted something that could run on a low-power DSP that already existed on the phone.
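
To make slew's point (and stooo's remark above about known-plaintext frames) concrete, here is an added example, not code from the thread and not the GMR-1 cipher: a plain, unjittered Fibonacci LFSR whose output is XORed with the data, beside a keystream generated by a pseudorandom function. All parameters (register size, taps, the fixed frame header, the message, the PRF key) are constructed for the demo. In both cases a predictable header lets an observer recover the keystream bits under it; the difference is that the LFSR's output obeys a short linear recurrence, so Berlekamp-Massey reconstructs the generator from those bits and the rest of the frame decrypts, whereas the PRF keystream has no short recurrence and the header bits tell the observer nothing about the remainder.

```python
import hashlib
import hmac

HEADER = b"IDLE-FRAME-0000 "              # constructed: 16 bytes of fixed, predictable frame prefix
SECRET = b"call me at the usual place"   # constructed payload


def bytes_to_bits(data):
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def lfsr_keystream(state, taps, nbits):
    """Fibonacci LFSR: emit the oldest bit, feed back the XOR of the tapped bits."""
    reg = list(state)
    out = []
    for _ in range(nbits):
        out.append(reg[0])
        fb = 0
        for t in taps:
            fb ^= reg[t]
        reg = reg[1:] + [fb]
    return out


def prf_keystream(key, nonce, nbits):
    """Keystream from HMAC-SHA256 in counter mode; stands in for a modern stream cipher."""
    out, ctr = b"", 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
        ctr += 1
    return bytes_to_bits(out)[:nbits]


def berlekamp_massey(bits):
    """Shortest LFSR (length L, connection polynomial c) generating a GF(2) sequence."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d == 0:
            continue
        t = c[:]
        shift = i - m
        for j in range(n + 1 - shift):
            c[j + shift] ^= b[j]
        if 2 * L <= i:
            L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]


def extend(seq, c, L, total):
    """Continue a sequence using the recurrence s[i] = XOR_j c[j] * s[i-j]."""
    s = list(seq)
    while len(s) < total:
        nxt = 0
        for j in range(1, L + 1):
            nxt ^= c[j] & s[-j]
        s.append(nxt)
    return s


def known_header_analysis(keystream_fn):
    """Encrypt HEADER+SECRET with the given keystream, then decrypt knowing only
    the ciphertext and HEADER. Returns (linear complexity found, recovered bytes)."""
    plaintext = HEADER + SECRET
    pt_bits = bytes_to_bits(plaintext)
    ct_bits = xor_bits(pt_bits, keystream_fn(len(pt_bits)))
    known = bytes_to_bits(HEADER)
    ks_known = xor_bits(ct_bits[:len(known)], known)   # keystream under the fixed header
    L, c = berlekamp_massey(ks_known)
    ks_guess = extend(ks_known, c, L, len(ct_bits))
    return L, bits_to_bytes(xor_bits(ct_bits, ks_guess))


def lfsr_cipher_demo():
    state = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1]   # constructed 16-bit key register
    return known_header_analysis(lambda n: lfsr_keystream(state, (0, 2, 3, 5), n))


def prf_cipher_demo():
    key = hashlib.sha256(b"constructed demo key").digest()
    return known_header_analysis(lambda n: prf_keystream(key, b"frame-0", n))


if __name__ == "__main__":
    print("LFSR:", lfsr_cipher_demo())
    print("PRF :", prf_cipher_demo())
```

The LFSR run reports a linear complexity of at most 16 and returns the full plaintext; the PRF run recovers only the header bytes it was given and fails on everything after them, because a 128-bit keystream segment from a good PRF has linear complexity around 64 and no useful recurrence. The HMAC counter-mode construction here is only for the comparison; a real design would use an AEAD so that ciphertext tampering is detected as well.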

Re:Is sensible encryption really that hard? (1)

mark-t (151149) | more than 2 years ago | (#38924025)

More probable is that they would use an RSA-based key exchange, which cannot ever be solved in polynomial time (because you never see either party's key in the transmission)

Re:Is sensible encryption really that hard? (2)

tlhIngan (30335) | more than 2 years ago | (#38924923)

Of course they didn't use that poor a cipher, but the cipher they did use was running in software on a dsp, so it had to be simple, so for GMR-1, they chose to XOR the data with a jittered LFSR (similar to GSM encryption). The techniques used to break GSM encryption apparently work great for GMR as well. I don't yet know many details about GMR-2, but it appears to have different weaknesses than GMR-1 (something related to being based on 8-bit math and incomplete key-data mixing).

Well, here are the problems.

First, the equipment and standards were designed in the 1990's with 1990's level embedded processors (think 386 and lower). You had a battery that had to last a pretty decent time because a lot of people carry satphones for emergency use (hikers, pilots, sailors, etc), so your processor has to basically be a fleapower one. This is especially considering the satellite is far away and you have to use a fair bit of power to reach it, which means a lot of battery power and less power for the electronics.

Oh yeah, the final bitstream is probably operating at 9600bps, and your encryption routine must work in real time on the embedded processor. This was also before dedicated cryptographic processors and accelerator hardware were readily available in embedded processors. So you must do it in software whilst handling all the other tasks at the same time.

GSM has the same problem. These algorithms were designed for computational efficiency and simplicity more than absolute protection. Reason being that once the call is over, it's over. The key won't be used again, the location of the phone is moving so people can't really capture long stretches of signal, etc.

For a satphone, receiving one end is easy due to the large footprint compared to a cellphone.

Doesn't Matter (5, Informative)

zulux (112259) | more than 2 years ago | (#38923897)

The original Motorola Iridium satellite phone has a NSA high-encryption pack available for it that fits in the back - this model with the DOD pack or a more modern Iridium phone with another type of sleeve that I've never seen myself, is how secure communication is done over the Iridium network.

Forget that (0)

Anonymous Coward | more than 2 years ago | (#38924031)

Can we use the technology to make a free cell phone? It seems so silly that we have to pay so much to use these devices.

Re:Forget that (2)

OrangeTide (124937) | more than 2 years ago | (#38925499)

yea total rip off. Paying for a network that scales by about $5m for every 1000 concurrent callers you wish to add to your network should be free.

Not surprising. (1)

Z00L00K (682162) | more than 2 years ago | (#38924849)

The encryption is a trade-off between performance and security. And you don't want too much lag caused by the encryption so that means it has to be relatively simple.

And what this does is to allow the average person to eavesdrop on satellite calls in his/her area. It's something that at least some governments already have done for years. Or what do you think that Echelon [wikipedia.org] has been doing all these years?

ohm2013.org idea? (1)

anonieuweling (536832) | more than 2 years ago | (#38926597)

What about setting up a project to do offer live listening to sat phone feeds at ohm2013.org?

He told it to WHAT? (0)

Anonymous Coward | more than 2 years ago | (#38954775)

Mr. Driessen told The Telegraph that the equipment and software needed to intercept and decrypt satellite phone calls from hundreds of thousands of users would cost as little as $2,000.

Wait, he figured out a new way to tap phone calls, and he told a British newspaper?! Oh, well done, sir.

(All right, the Telegraph is a long way from News of the World, but still...)
