Satellite phones are considered to be inherently secure and a safe way for people to talk without fear of someone listening in. This is the perception because the phones use encryption to encode the audio before it is transmitted and then decrypt it when it is received on the other end. It is all nice a seamless and the whole process leaves people feeling a little more secure.
The problem is that a research team from the Ruhr University Bochum in Germany have just blown a big hole in that sense of security with the announcement that they have broken the two common types of encryption used in the two types of satellite phone standards used around the world.
The secret encryption algorithms have been shown to be easily broken in sharp contrast to other more common encryption schemes, like AES and Blowfish. The researchers discovered this when they reverse engineered phones that use the GMR-1 and GMR-2 standards and found that even with a modest PC running open source software the encryption could be broken within an hour.
The team will be presenting their paper (PDF) to the IEEE Symposium on Security and Privacy 2012 but in it they say:
“Contrary to the practice recommended in modern security engineering, both standards rely on proprietary algorithms for (voice) encryption,” the researchers wrote in the paper. “Even though it is impossible for outsiders (like us) to decide whether this is due to historic developments or because secret algorithms were believed to provide a higher level of ‘security,’ the findings of our work are not encouraging from a security point of view.”
via Ars Technica
It seems, according to the team, that the main security principal behind the proprietary encryption algorithms being ‘secure’ was the fact that they were propriatary and ‘secret’ in the first place. As we have seen though this is often far from the case.
