A team from Ruhr University Bochum hacked into the encryption algorithms of the European Telecommunications Standards Institute in less than an hour, exposing significant weaknesses in the system that is used globally for satellite telephone encryption.

The algorithms were widely thought to provide user privacy and to facilitate confidential calls. The researchers’ work, however, has exposed the vulnerability of satellite phone communications systems to hacking, interception and potential eavesdropping.

Satellite phones are typically used in areas where other telephone communication is not available, such as in a war zone, in a developing country or on a ship at sea. The telephone connects via satellite directly to a radio, which then passes the call to a ground station and into the public telephone network. ETSI’s (News - Alert) encryption algorithms, A5-GMR-1 and A5-GMR-2, were considered to be solid until the Ruhr University Bochum researchers hacked them using two satellite phones.

To hack into the calls, the team reconstructed the encryption algorithm from each phone’s firmware. They created an antenna, hooked it up to programmable radio hardware and then connected it to a PC. The computer used OsmocomGMR and GNURadio to both capture and decode the data. After creating an attack on their call using the two satellite phones, they broke the algorithms within one hour.

“We were surprised by the total lack of protection measures, which would have complicated our work drastically,” said Carsten Willems of the Chair for System Security at the RUB. The researchers did not hack into the system enough to hear voice data because the decoding of speech codec requires manual workarounds. However, they could obtain SMS and fax because these systems work directly on GMR-1 algorithms.

Willems colleague, Ralf Hund, stated that “our results show that the use of satellite phones harbors dangers, and the current encryption algorithms are not sufficient. Since users cannot rely on their security against interception, similar to the security of standard cell phones, they will have to wait for the development of new technologies and standards, or make use of other means of communication for confidential calls.”

The researchers pointed out that, as of right now, no alternative to current standards exists. Researchers also stated that they believe that the current closed-source nature of security aspects of communication technology is ineffective. Because information is only shown to a limited number of people, the systems receive a limited amount of scrutiny. Security-by-obscurity, as they call it, is a principle that should be discouraged.

Until ETSI creates new encryption algorithms, satellite phone users cannot assume that their calls are confidential. Researchers stated that they had informed authorities about their findings well in advance of publishing their study.