Are Satellite Phones Safe? New Attack Can Instantly Decrypt Calls

Security researchers in China have discovered a way to decrypt phone calls made using satellite phones. The new method of decryption can be done in fractions of a second, sparking new concerns surrounding the security of such communications.

The research was disclosed in a paper published by the researchers in the International Association for Cryptologic Research’s Cryptology ePrint Archive that builds upon previous research completed by German academics in 2012.

Read: Top 5 Free Encryption Messaging Apps To Keep Your Conversations Secure

The method discovered by the researchers focuses primarily on the encryption method used in Inmarsat satellite phones, a popular brand of global communication services based in the United Kingdom, and the GMR-2 algorithm that is used by many satellite phones on the market today to prevent eavesdropping from third-parties.

Researchers were able to effectively crack the encryption protocol by carrying out inversion attacks that are able to “reserve the encryption procedure to deduce the encryption-key from the output keystream directly.”

The attack requires hitting a 3.3GHz satellite stream thousands of times with an inversion attacks, which eventually produces the 64-bit encryption key that allows an attacker to decrypt communications and listen in to a conversation.

When carried out successfully, the attack can crack the call encryption in a fraction of a second, allowing the attacker to break into the call in real time.

Read: What Is SHA-1? Google Cracked A Fundamental Part Of Web Encryption

"This again demonstrates that there exists serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication," the researchers said in the paper.

Such a vulnerability could present major concerns for those who rely on satellite phones for communications. The technology is often trusted in situations where security is of utmost important, including for military operations in war zones.

Matthew Green, a cryptography teacher at Johns Hopkins University, noted in a 2012 blog post that people in “underdeveloped rural areas” often use satellite phones as the “primary means of communicating with the outside world.”

An Inmarsat spokesperson told ZDNet that the company "immediately took action to address the potential security issue and this was fully addressed" when the original research was presented in 2012. The spokesperson said, "We are entirely confident that the issue...has been completely resolved and that our satellite phones are secure."

The breakthrough by researchers shows how important it is for security technology to evolve in order to stay ahead of the growing number of threats.

The apparent crack of the GMR-2 algorithm is just the latest example of a one-time standard-bearer falling. Earlier this year, Google cracked the SHA-1 encryption algorithm that was used on a majority of websites just a few years ago to secure communications between users and a site.