56

When I make a call on my cellphone (on a GSM network), is it encrypted?

TildalWave
Ram Rachum

5 Answers

36

For the most part[1] they are encrypted, but not sufficiently to be considered safe, tap-resistant encryption. GSM uses 64-bit A5/1 encryption that is weak, to say the least. The "$15 phone, 3 minutes all that’s needed to eavesdrop on GSM call" article from Ars Technica covers it pretty well IMO, if you care to read more about it.

However, it also depends on what you mean by GSM. What I mentioned above is true for what we usually mean as GSM (2G, or second generation protocols). 3G networks are generally considered slightly safer (for lack of a better word):

3G networks offer greater security than their 2G predecessors. By allowing the UE (User Equipment) to authenticate the network it is attaching to, the user can be sure the network is the intended one and not an impersonator. 3G networks use the KASUMI block cipher instead of the older A5/1 stream cipher. However, a number of serious weaknesses in the KASUMI cipher have been identified.

https://en.wikipedia.org/wiki/3G#Security

However:

Many operators reserve much of their 3G bandwidth for internet traffic, while shunting voice and SMS off to the older GSM network.

http://arstechnica.com/gadgets/2010/12/15-phone-3-minutes-all-thats-needed-to-eavesdrop-on-gsm-call/

[1] Unencrypted communication (flag A5/0) is also supported on GSM systems, and this encryption (or lack thereof) might be regulated by laws of different countries differently, or part of the carrier's policy not to use it. Some devices also display notifications to users when their calls will be encrypted and when not, but most probably felt it's hardly worth bothering notifying users, especially considering the strengths of various cipher suites in use with GSM protocols. See my reply to @HSN's comment below for more information.

TildalWave
  • 1
    year ago I was viewing a lecture on GSM security and spoofing; the lecturer said that each GSM chip has a flag that, when it's set on, warns you when you are attempting to make a call on an unencrypted network. He claimed that he hasn't seen a company that turns this bit on – HSN May 05 '13 at 02:32
  • 3
    @HSN - The encryption flag (`0` or `A5/0` for [unencrypted](http://cryptodox.com/A5/0)) notifies the end user on some mobiles/smartphones (older Nokia phones with a similar icon like web browsers for HTTP/HTTPS, and iOS 5 and up with a message dialog, to name a few). Problem is, it's pretty much meaningless with encryption strengths of A5/1 and KASUMI. Some countries also [prohibit GSM operators from enabling encryption](http://irdial.com/blogdial/?p=3169) and some disable it for _"[other reasons](http://itsecuritypro.co.uk/2012/03/27/indian-gsm-networks-using-little-or-no-encryption/)"_. – TildalWave May 05 '13 at 02:55
  • 1
    For some additional information and entertainment: The [GSM: SRSLY?](http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html) lecture at 26C3 puts GSM security into perspective. – Chris Jun 07 '13 at 01:01
  • 2G and 3G are using [different frequencies](https://en.wikipedia.org/wiki/GSM#GSM_carrier_frequencies) (400/450/850/900/1800/1900 MHz for 2G depending on location and 2100 MHz for 3G, simpler). Therefore I guess that jamming 3G frequency would make most phones automatically switch to 2G unless explicitly disabled in their configuration. – WhiteWinterWolf Apr 27 '15 at 11:28
  • 1
    Because of the sentence "Many operators reserve much of their 3G bandwidth for internet traffic, while shunting voice and SMS off to the older GSM network.": using jamming you do not have to rely on luck regarding the operator behavior, even if the operator is willing to use 3G for voice and SMS you can still downgrade the communication security by forcing the cellphone to fall back to GSM anyway. – WhiteWinterWolf Apr 27 '15 at 12:48
  • As a reference, I just found that jamming the 3G band in order to force a cellphone to fall back on the more exploitable 2G band is mentioned in [this Defcon video](https://www.youtube.com/watch?v=IQfWXv8RSmw#t=7m32s), so this is a known way and definitely doesn't seem off topic to me. – WhiteWinterWolf Apr 28 '15 at 13:32
12

Yes, all GSM calls use an A5/1 stream cipher. It has been found that this is fairly easy to decrypt using a Rainbow Table. Additionally, the FBI admits to intercepting all phone conversations in the US.

So yes, it is encrypted, and cell phone companies don't give a damn about your privacy. If you care about privacy, you should use RedPhone and TextSecure, which are open source projects by Whisper Systems (now a part of Twitter).

Kyle Rosendo
rook
  • 7
    @TildalWave I find the reference to sexual intercourse to be not nearly as offensive as the existence of service providers who do not care about their customers' privacy. – Ram Rachum May 05 '13 at 01:38
  • @TildalWave if this was a concern then surely these arbitrary sequences of bits would be altered in some fashion. – rook May 05 '13 at 01:42
  • @rook: Sorry, but what you wrote is simply not true: 1) they are not always encrypted 2) If encrypted there are at least two different ciphers used. – Andreas Florath May 08 '15 at 07:22
  • @Andreas Florath Yes, and the A5/1 stream cipher and its key scheduling is a total joke. GSM is one of the most obvious backdoors (well lit frontdoor?) that anyone can access for under $1,000. – rook May 08 '15 at 16:57
2

Yes, there are encryption features in the GSM protocol. But many reports/news said it was cracked. So, voice privacy is not protected in a GSM phone call. You must add some encryptor (app or hardware) to secure a GSM call. Try AECall. It secures GSM calls. More details: http://mrhyper.blogspot.tw/2015/12/iphone-encrypt-phone-call_9.html

2

Calls over GSM might be encrypted. The phone and the base station initially agree whether to encrypt at all and, if so, which algorithm to use. The phone sends a list of supported ciphering algorithms to the base station. The base station sends a 'Cipher Mode Settings' element (see GSM 04.08 Chapter 10.5.2.9) to the phone. This element holds one bit that marks if encryption should be used. If encryption should be used, there are three bits that define the used algorithm:

0 0 0 cipher with algorithm A5/1
0 0 1 cipher with algorithm A5/2
0 1 0 cipher with algorithm A5/3
0 1 1 cipher with algorithm A5/4
1 0 0 cipher with algorithm A5/5
1 0 1 cipher with algorithm A5/6
1 1 0 cipher with algorithm A5/7
1 1 1 reserved

Speaking of the security, there was a practical attack against A5/1 shown by Karsten Nohl. A5/2 is weak and was withdrawn by the GSMA (see Wikipedia). At least some providers nowadays support A5/3 (example: Deutsche Telekom in Germany or Proximus in Belgium). A5/3 is based on KASUMI that is also used for 3G. To my knowledge, A5/4 to A5/7 are not (yet) defined.

user
  • A5/4 is apparently KASUMI with a full 128-bit key (rather than A5/3 which is KASUMI with a 64-bit key expanded into 128 bits). – forest May 06 '18 at 02:18
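
A decoder for the cipher mode element described in the answer above, written as an added example (not code from the answer or from any GSM stack). It assumes the 4-bit value part carries the "start ciphering" bit in bit 1 and the algorithm identifier in bits 4 to 2, as laid out in the GSM 04.08 section the answer cites; the function names and the alert rule are hypothetical, and the assessments only restate what this thread says about each cipher.

```python
from dataclasses import dataclass

# Algorithm identifier values, as tabulated in the answer above.
ALGORITHMS = {0: "A5/1", 1: "A5/2", 2: "A5/3", 3: "A5/4",
              4: "A5/5", 5: "A5/6", 6: "A5/7", 7: "reserved"}

# Assessments summarize what this thread states about each cipher.
ASSESSMENT = {
    "A5/0": "unencrypted",
    "A5/1": "weak: practical attack shown",
    "A5/2": "weak: withdrawn by the GSMA",
    "A5/3": "KASUMI-based",
    "A5/4": "KASUMI with a 128-bit key",
}

@dataclass(frozen=True)
class CipherModeSetting:
    ciphering: bool   # SC bit: True means "start ciphering"
    algorithm: str    # "A5/0" when ciphering is off
    assessment: str

def parse_cipher_mode_setting(half_octet: int) -> CipherModeSetting:
    """Decode the 4-bit value part of the Cipher Mode Setting element.

    Assumed layout: bit 1 is SC, bits 4..2 are the algorithm identifier.
    """
    if not 0 <= half_octet <= 0x0F:
        raise ValueError("expected a 4-bit value")
    if not half_octet & 0x01:
        # The algorithm bits carry no meaning when ciphering is not started.
        return CipherModeSetting(False, "A5/0", ASSESSMENT["A5/0"])
    name = ALGORITHMS[(half_octet >> 1) & 0x07]
    return CipherModeSetting(True, name,
                             ASSESSMENT.get(name, "undefined or reserved"))

def needs_alert(setting: CipherModeSetting) -> bool:
    """Flag the settings this thread treats as giving no real voice privacy."""
    return setting.algorithm in {"A5/0", "A5/1", "A5/2"}

# Constructed sample values (not captured traffic).
SAMPLES = [0b0000, 0b0001, 0b0011, 0b0101, 0b0111, 0b1111]

if __name__ == "__main__":
    for value in SAMPLES:
        s = parse_cipher_mode_setting(value)
        print(f"{value:04b} -> {s.algorithm:8} {s.assessment}; alert={needs_alert(s)}")
```

A value with the ciphering bit cleared decodes as A5/0 regardless of the algorithm bits, which is the case the handset warning flag discussed in the first answer's comments is meant to surface.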
1

No, GSM calls (and data traffic) are not always encrypted. 2G connections can be unencrypted as part of the 2G protocol and even if you have a 3G or 4G phone you still can make those unencrypted 2G calls.

In a perfect world all calls would be encrypted as you would expect providers to turn on 2G encryption. However, the encryption can be deciphered (see other answer) and it is easy to intercept calls through a rogue unencrypted 2G tower (see http://www.wired.com/2010/07/intercepting-cell-phone-calls/).

Jan H