Satellite Phone Encryption Calls Can be Cracked in Fractions of a Second

Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in “real time” — that too in mere fractions of a second in some cases.

The new attack method has been discovered by two Chinese security researchers and is based on previous research by German academicians in 2012, showing that the phone’s encryption can be cracked so quickly that attackers can listen in on calls in real time.

The research, disclosed in a paper published last week by the security researchers in the International Association for Cryptologic Research, focused on the GMR-2 encryption algorithm that is commonly being used in most modern satellite phones, including British satellite telecom Inmarsat, to encrypt voice calls in order to prevent eavesdropping.

Unlike previous 2012 research by German researchers who tried to recover the encryption key with the help of ‘plaintext’ attacks, the Chinese researchers attempted to “reverse the encryption procedure to deduce the encryption-key from the output keystream directly.”

The attack method requires hitting a 3.3GHz satellite stream thousands of times with an inversion attack, which eventually produces the 64-bit encryption key and makes it easier to hunt for the decryption key, allowing attackers to decrypt communications and listen in to a conversation.

“This indicates that the inversion attack is very efficient and practical which could lead to a real time crack on the GMR-2 cipher,” the research paper reads. “
The experimental results on a 3.3GHz platform demonstrate that the 64-bit encryption-key can be completely retrieved in around 0.02s.”According to the duo, the attack can eventually crack the satellite phone call encryption in a fraction of a second when carried out successfully, allowing the attacker to break into the communications in real time for live eavesdropping.
Source: The Hacker News