23 February 2012

Some Comments on Satellite Phones

(There is now a follow-up to this post that digs into some of the details of GMR-1 transmissions. The (in)security implications are stunning.)

With the recent attack on journalists by Syrian troops, there has been a lot of discussion on the security of satellite phones, especially GMR, the technology used by Thuraya. Here are some basic facts on the security of GMR and satellite phones in general:
  • GMR uses geostationary satellites. Downlink signals from this system are visible over large areas of the Earth's surface, especially for someone looking at the sky with a dish antenna.
  • GMR handsets use wide-beam antennas. Uplink signals from the handsets are visible from space, not just at the serving satellite, but over really big regions of space, occupied by lots of other satellites.
  • Uplink signals from satellite phones are also visible on the ground in a vicinity of the handset, probably at ranges of several kilometers for interceptors with directional antennas. These handsets are easy to detect in a radio environment because they transmit distinctive patterns and are relatively rare (much rarer than cellular handsets, for instance). And any transmitter that can be detected can be located, using any of a number of techniques commonly practiced by most intelligence services.
  • The level of air interface security on GMR handsets is probably lower than on cellular handsets. But even if the air interface were absolutely secure, a GMR handset would still be easy to locate by it's distinctive radio signature.
  • GMR handsets include GPS receivers and transmit identity and location information to the network operator. These transmissions are completely in the clear, but even if they were encrypted, the network operator would have access to this information.
  • GMR encryption is not end-to-end, so the network operator normally has access to plaintext user traffic.
  • GMR handsets register with the network periodically, reporting identity and location, even when you are not "using" them.
  • Even if a GMR operator, as an organization, is sincerely dedicated to the security and privacy of its customers, it is difficult to completely protect a large organization from infiltration by criminal organizations or state intelligence services, through technical hacking, social engineering, bribery, blackmail, political/religious recruitment, etc.
  • Everything I just said about GMR is at least mostly true (if not completely true) of any civilian satellite telecom product and even a lot of military satcom systems.
  • Satellite phone users tend to be more interesting than the general population. Because satellite phones are relatively expensive and mostly used by international travelers, the conversations they carry tend to have interesting content, things that the users thought were important enough to spend real money talking about. So, for an intelligence service, eavesdropping on satellite phones is a more effective use of resources than eavesdropping on most other kinds of networks. They get less "mom and pop crap" and a lot more useful information.
  • In any given country, the users of satellite phones are mostly foreigners, who are often subject to a lower legal standard for eavesdropping, especially for international telephone calls.
Just some things to think about the next time you use your GMR phone, BGAN terminal, Iridium 2-way pager, etc., especially in a war zone. Regardless of encryption, authentication, etc., the mere existence of one of these radio signals sends a message to an observing military force: There's someone over there with fancy comms and it's not us. That can be a very dangerous message.

(David Burgess is a lead developer in the OpenBTS project and one of the founders of Range Networks.)




13 comments:

  1. yeppers
    gottit
    so shd ppl on obsolete technology devices be concerned
    even if the location feature has bern turned off?
    it has happened to ppl -- blutooth turned off but still actively contled by smarter ppl

    ReplyDelete
    Replies
    1. Mobile is a best way to communicating with any area of the world.Mobile Social networkMosork - Mobile Social Network. Find and connect with friends no matter where they are.

      Delete
  2. It's not about obsolete technology or the location feature. It's about the fact that you are transmitting a distinctive radio signal.

    ReplyDelete
  3. Also of interest with the security of sat phones crypto:

    Don’t Trust Satellite Phones: A Security Analysis of Two Satphone Standards

    Benedikt Driessen, Ralf Hund, Carsten Willems, Chris­tof Paar, Thorsten Holz - IEEE Symposium on Security & Privacy (Oakland), 2012

    http://gmr.crypto.rub.de/paper/paper-1.pdf

    ReplyDelete
  4. Thanks for your informed comments.

    As in many other areas of IT security, the movement of packets themselves are as telling as their content.
    The phrase "There's someone over there with fancy comms and it's not us" says it all.

    ReplyDelete
  5. It is the same Paul, I talked to him about it just the other day. Great site, I really like it.

    Fta Receiver

    ReplyDelete
  6. Satellite phone are also the best option for the travelers.

    ReplyDelete
  7. sach a nice blog with beautiful post, i really like your post. keep it up.mobile phones

    ReplyDelete
  8. Thanks for the blog, great tips and information.324g mobiles
    ye aap post kar k dekhain blog par hota hai ya nhi

    ReplyDelete
  9. Sach a nice blog with beautiful post, i really like your post. keep it up.324g mobiles

    ReplyDelete
  10. This is a good article & good site.Thank you for sharing this article. It is help us following categorize:
    healthcare, e commerce, programming, it consulting, retail, manufacturing, CRM, digital supply chain management, Delivering high-quality service for your business applications,
    Solutions for all Industries,
    Getting your applications talking is the key to better business processes,
    Rapid web services solutions for real business problems,
    Web-based Corporate Document Management System,
    Outsourcing Solution,
    Financial and Operations Business Intelligence Solution,

    prologic-corp

    ReplyDelete
  11. Acetech IT consulting Company in Delhi offer the technical knowledge and can help your business get the most out of your technology. Why are Acetech IT consulting services truly the best? Visit Us to find out more.

    ReplyDelete
  12. custom software development and providing software maintenance services. They build up variety of software mostly focus on CMS, website development, Desktop & web application, Iphone apps, mobile apps for android, internet marketing and many more.

    ReplyDelete