H-Online: Researchers at Ruhr-Universität Bochum in Germany have announced that they have cracked the A5-GMR-1 and A5-GMR-2 encryption algorithms used in satellite phones. Satellite phones are mainly used in areas with insufficient mobile network coverage and in the maritime sector.
The researchers obtained the proprietary, and previously undocumented, algorithms by reverse engineering phone firmware updates. Ideally this, in itself, should not compromise the security of the transmitted data. Data security should not depend on the secrecy of the encryption methods, it should only depend on the non-disclosure of the secret key that is being used.
However, subsequent analysis exposed vulnerabilities in both algorithms that make concrete attacks viable. For example, A5-GMR-1 was found to be a slightly modified version of A5/2, which is used in GSM and was cracked in 2003. The existing attack scenario could be adapted for the satellite version without much effort. In A5-GMR-2, the researchers found a vector for a known-plaintext attack.
The researchers presentations, publications and reconstructed C implementations of the algorithms are all available from their web site.