D.Evans via the U.N. Foundation / File photo
After the 2010 earthquake in Haiti, free, satellite-based phone calls were made possible by T?l?coms Sans Fronti?res and the U.N. Foundation?Vodafone Foundation Technology Partnership.
By Suzanne Choney
Satellite telephones, which are employed by military and emergency relief organizations, and used in places where mobile phone service is not available, have until now been considered?secure from eavesdropping. They are not, say two researchers who cracked the security used in some sat phone systems.
In a paper bluntly called "Don't Trust Satellite Phones," researchers Benedikt Driessen and Ralf Hund say they reverse-engineered the encryption algorithms used by the European Telecommunications Standards Institute.
"In less than an hour, and with simple equipment, they found the crypto key which is needed to intercept telephone conversations," said German-based Horst G?rtz In?sti?tu?te for IT-Security at Ruhr University Bochum. "Using open-source software and building on their previous research results, they were able to exploit the security weaknesses."
In their report, the researchers said they used commercially available equipment and "randomly selected two widely used satellite phones" that use the GMR-1 and GMR-2 standards.
A "simple firmware update (to the phones) was then loaded from the provider's website for each phone and the encryption mechanism reconstructed," the institute said. "Based on the analysis, the encryption of the GMR-1 standard demonstrated similarities to the one used in GSM, the most common mobile phone system."
?Since the GSM cipher had already been cracked, we were able to adopt the method and use it for our attack,? said Driessen.
To verify the results, the researchers recorded their own sat phone conversations, and "developed a new attack based on the analysis."
"We were surprised by the total lack of protection measures," said Carsten Willems of Ruhr University Bochum.
?Our results show that the use of satellite phones harbors dangers and the current encryption algorithms are not sufficient," said Hund.
The researchers say they want satellite phone users to know that they can't rely on "security against interception, similar to the security of standard cellphones," and that security-conscious users "will have to wait for the development of new technologies and standards, or make use of other means of communication for confidential calls."
The researchers' work will be presented in May at the IEEE Symposium on Security & Privacy. But they aren't waiting that long to share their findings with those who need to know. They say they also "contacted and informed authorities well in advance" of the study's public release.
? via Ars Technica
Related stories:
Check out Technolog, Gadgetbox, Digital Life and In-Game on?Facebook,?and on Twitter, follow Suzanne Choney.
tebow broncos ben roethlisberger downton abbey season 2 2013 dodge dart kwame brown shameless martin luther king day
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.