Feb 8th 2012, 16:11 by C.F. | BONN
EVEN as mobile phones are becoming a cheap utility, hundreds of thousands of people continue to part with a pretty penny to talk to others in parts of the world that lack network coverage. Callers are prepared to pay as much as $14 to connect to a satellite phone in exchange for secure, reliable connections. (Ringing landlines from such devices can be less than one-tenth that.)
Security is often paramount, especially for souls dispatched to far-flung corners of the globe which are often war-torn, controlled by unsympathetic regimes, or both. No surprise, then, that like modern mobile phones, satellite gubbins come with built-in encryption. This makes it practically impossible for anyone monitoring the airwaves to eavesdrop on the calls.
Or does it? Researchers at Ruhr University Bochum, in Germany, think they have managed to crack two popular encryption protocols, known as A5-GMR-1 and A5-GMR-2. These are commonly used in the Thuraya satellite phones used across swathes of Africa, the Middle East and North Asia. (Thuraya has yet to respond to the revelations.) The researchers hope that their paper, published on their website, will help interested parties fix the flaw. More importantly, perhaps, it might prompt phone-makers to act.
"We can assume that this has probably been known about since the beginning of this century," says Benedikt Driessen, one of the authors of the new paper. He and his colleagues say that it takes about $2,000 worth of gear and half an hour to decipher a satellite phone call. With more computing power, it could be done in real time. Indeed, an Israeli company already offers just such a service commercially.
Those Thuraya customers particularly concerned with security can install end-to-end encryption software that adds one more layer of security, using another protocol, known as AES. (Government agencies, especially those dealing with security and intelligence, tend not to rely on commercially available encryption.) Alternatively, a Berlin-based company, Cryptophone, promises "end-to-end encrypted calls from and to mobile, fixed-line and satellite networks" and claims to be the only firm to provide secure phones that come with full source code available for independent review. No doubt someone will be flogging a crack for these tweaks soon.
In this blog, our correspondents report on the intersections between science, technology, culture and policy. The blog takes its name from Charles Babbage, a Victorian mathematician and engineer who designed a mechanical computer.
Readers' comments
The first rule, when you find yourself thinking about using AES, is don't use AES. It's not that the protocol isn't sound, but that the cryptological components of a secure system are just that - components. You need to get the rest right too; so many system designers think that strong crypto = magic wand. But get your key handling, storage management, process and IO protection wrong, and it's just a false sense of security. Bletchley Park relied on that. The strange business of Voda in Greece didn't have any crypto cracking at all.
Unless you know the entire chain between you and Bob is secure, assume this phone is tapped. Most people, including most in the industry, couldn't even describe what the complete chain is to any sort of detail.
When the girlfriend says "Yes" it sometimes means "Yes" or "No". Decipher that.
So, what does Iridium use? Inquiring handset owners want to know.
"No doubt someone will be flogging a crack for these tweaks soon."
A crack for AES? Good luck with that. AES has already been beat upon pretty hard, and it's solid.
A crack for one particular implementation of AES? More plausible, but still not nearly as likely as you claim.
Don't be an ass, of course Cryptophone provides the source code if they want to be taken seriously. It's an old and very well established theory that the secrecy should always be in the key, never in the machine, because the enemy will always get a machine sooner or later, it's called Kerckhoffs Principle: http://en.wikipedia.org/wiki/Kerckhoffs's_principle
Mobile cellular/tower phones are a lot more prevalent and susceptible than Satellite phones.
However the average cheap mobile uses sophisticated frequency hopping that makes eavesdropping difficult or near impossible. Signals are diced up to hundreds of users causing high noise to signal except to intended devices.
Can the same technology be re-employed to satellite phones?
North Asia? Does that = Siberia?
To be precise: on the Arctic ocean from the Bering strait (aka Imakpik, a sea strait close to Cape Dezhnev, Chukotka) to the Nova Zyemlya island. Don't get lost!