Two researchers, Benedikt Driessen and Ralf Hund, managed to break the proprietary ciphers used for satellite phones, GMR-1 and GMR-2. In a public talk about their discovery, the researchers said, "Don't trust satellite phones".
While satellite phones have been mostly replaced by GSM/CDMA phones in consumer markets, such telecommunications devices are still used today by governments, military, relief and non-governmental organizations, businesses and even individuals in remote locations where cell phone towers are not an option. According to the researchers, there are current several hundred thousand satellite phone subscribers.
The researchers were able to reverse engineer the cryptographic algorithms utilized by the phones after analyzing freely-available firmware intended for updating their DSP (digital signal processor) chips. Because the ciphers are completely mathematical and don't employ the use of private keys, anyone who can receive a satellite phone transmission and knows the cipher's algorithm can easily eavesdrop on an intentionally private conversation.
"Even though a niche market compared to the G2 and G3 mobile systems, there are several 100,000 satphone subscribers worldwide. Given the sensitive nature of some of their application domains (e.g., natural disaster areas or military campaigns), security plays a particularly important role for satphones. In this paper, we analyze the encryption systems used in the two existing (and competing) satphone standards, GMR-1 and GMR-2. The first main contribution is that we were able to completely reverse engineer the encryption algorithms employed. Both ciphers had not been publicly known previously. We describe the details of the recovery of the two algorithms from freely available DSP-firmware updates for satphones, which included the development of a custom disassembler and tools to analyze the code, and extending prior work on binary analysis to efficiently identify cryptographic code."
ETSI and Immarsat are the two companies responsible for the GMR-1 and GMR-2 stream cipher standards, respectively. The inherent flaw found within these systems appears to be their disregard for Kerchoff's Principle. This 129-year-old axiom basically states that in order to be truly secure, a cryptosystem should be effectively indecipherable even when the algorithms and processes to generate the obfuscation are exposed. To achieve this, cryptographers have typically employed the use of private keys. Private keys, which are only known by the sender and/or recipient(s), provide a way to "unlock" the encryption so that only intended parties can decipher the information. This thinking also allows open-source cryptosystems to be just as secure as their commercial counterparts even though the inner-workings of such systems are fully exposed to the public.
"The second main contribution lies in the cryptanalysis of the two proprietary stream ciphers. We were able to adopt known A5/2 ciphertext-only attacks to the GMR- 1 algorithm with an average case complexity of 232 steps. With respect to the GMR-2 cipher, we developed a new attack which is powerful in a known-plaintext setting. In this situation, the encryption key for one session, i.e., one phone call, can be recovered with approximately 50?65 bytes of key stream and a moderate computational complexity. A major finding of our work is that the stream ciphers of the two existing satellite phone systems are considerably weaker than what is state-of- the-art in symmetric cryptography."
Further analysis on the research and its implications can be found here.