CryptoPhone

CryptoPhones are secure mobile and desktop phones designed to prevent anyone from listening in on your calls and messages. To set up an end-to-end encrypted secure call or communicate by encrypted messaging, both parties need to use a CryptoPhone.

We designed GSMK CryptoPhones to offer security against anyone who tries to listen into your calls or intercept your messages, both from inside the telephone network and over the air. GSMK CryptoPhones provide end-to-end security so the call or message is fully encrypted all the way between the two CryptoPhones involved in a call.

Today’s complex telephone systems make it impossible to predict what path a communication link will take inside the network. Calls and messages are, for instance, routinely transported over unencrypted directional microwave radio links that are subject to easy interception with simple equipment. In order to save costs, calls are frequently routed through networks or operators that might have dubious security standards. The confidentiality of your most important projects might get compromised by a single corrupt phone company employee.

There exist devices known as “IMSI-Catchers” which allow anyone in proximity to the victim to intercept mobile phone calls and messages. IMSI-Catchers are readily available on the market and are being used with increasing frequency.

All these threats can be countered by using a CryptoPhone.

If you are handling sensitive information which if leaked could possibly endanger or damage either your own organization or your clients or partners, then a CryptoPhone is right for you. If you have to talk about sensitive and important transactions on the phone or you often fear “let’s hope that this call has not been intercepted by someone”, then a CryptoPhone is right for you.

GSMK has a broad customer base in over 50 countries. Depending on geographical area, typical customers are corporate executives, lawyers, bankers, mergers & acquisition specialists, consultants (management, tax, security), journalists, law enforcement officers, militaries, civilian government organizations, NGOs, and regular people who want to communicate in private.

In Internet Protocol (IP)-based communications, due to mobile devices not being directly addressable because of large-scale network address translation (NAT) and dynamic IP address reallocation, switching servers are required for phones to be able to reach each other. In the GSMK CryptoPhone IP system, servers exclusively provide call switching and presence services. They are not involved in the call and message encryption process, since communication between GSMK CryptoPhones is always end-to-end encrypted. All voice and message encryption functionality thus resides exclusively on the users’ phones. This ensures that even if a GSMK CryptoPhone IP server were captured by hostile elements, it would remain impossible to compromise the security of encrypted communications.

We distinguish between the public CryptoPhone IP infrastructure and private self-hosted infrastructures for larger organizations.

When you purchase e.g. a pair of CryptoPhones, you can directly start making secure calls and exchange encrypted messages. Traffic is routed by GSMK’s public servers which are distributed across the globe. This makes it possible that all you need to use a CryptoPhone is a public CryptoPhone number in order to connect with another CryptoPhone device. Note again that all communication is end-to-end encrypted, so GSMK has no access to your data.

We also offer private on-premise CryptoPhone IP infrastructures. Larger organizations often want to have full control about their communication systems and hence their corresponding servers in order to set up closed user groups that cannot be reached from the public network. We help these customers to set up a self-hosted CryptoPhone infrastructure based on our CPIP server system. Such customers then take care of the entire system on their own, without any access or network management being provided by GSMK.

Covering the full spectrum of voice encryption, secure messaging, and mobile device security, GSMK CryptoPhones offer true 360-degree protection in an easy-to-use package unmatched by any other product on the global market.

GSMK CryptoPhones are very easy to use.

The source code of the firmware can be inspected to verify correct implementation and the absence of backdoors.

GSMK CryptoPhones have been developed without any government interference, they do not provide any third party access to the encrypted communication, and do not rely on pre-loaded key material. They put the trust where it belongs: in your own hands.

Our products are also affordable, so that communications security does not have to be a luxury.

The team that designed and produces GSMK CryptoPhones has spent the better part of two decades thinking about it. During this time, we have repeatedly brainstormed with the top security people around the globe on how to do it right. One thing was clear from the start: The computer code behind the system must be verifiable and available to the clients and the cryptographic/academic community to allow flaws and backdoors to be discovered and fixed as fast as possible. There is no other secure cellular, landline, or satellite phone product on the market that offers this feature.

Not all mobile network operators have ‘land lines’ connecting their antennas on the street to the mobile switching centers and the rest of the cellular telephone network. If you have ever seen a cellular base station’s antenna mast, you might have noticed that some of them have little round ‘dishes’, or ‘beamers’ at their side. These are directional antennas for the microwave links that provide the connection to the rest of the network.

Over these links, all calls made in the area are transmitted to a point where they are fed into the core network. These links are very vulnerable, because very often no encryption is used on them. An interceptor can tap into the radio signal, and listen in to many calls simultaneously. Commercial equipment for this kind of interception is available on the market at moderate prices. Interception of microwave links is commonly used when targeting a fixed facility, like a competitor’s office building. Attacks on corporations can be carried out quite effectively with this method, since many organizations tend to have a preferred mobile network operator, so just one intercepted microwave link could yield all mobile phone calls taking place in the facility.

Nothing more is required than a very small rooftop antenna in the path or vicinity of the microwave link, a wideband receiver and the appropriate channel demultiplexing and recording equipment. Among others, embassies of foreign countries are known to use microwave link interception from their various premises to stay secretly informed about what is happening in their host country. Since the antenna radiation patterns of the microwave links contain so-called sidelobes, reception of their signals with sensitive receivers is also possible outside of the straight line connecting the two points of the link.

A few intelligence agencies are also known to have satellite-based microwave link interception capabilities. Since the directional microwave beam does not stop at the receiving antenna, but travels further on in the original direction, it can be intercepted from space with a satellite placed at the appropriate position.

GSMK CryptoPhones protect against this kind of interception.

An IMSI catcher is a device that can be used to determine the electronic identities of all phones in its vicinity. Most IMSI catchers also come with the ability to listen into calls directly. The electronic identity consists of the so called International Mobile Subscriber Identity (IMSI), which is associated with your SIM card and the International Mobile Equipment Identifier (IMEI), which is the serial number of your phone. With the IMSI your calls can be easily identified at any point in the telephone network and targeted for interception and traffic analysis. An IMSI catcher is frequently used if the attacker does not know the telephone number of the victim or wants to illegally intercept calls.

The IMSI catcher performs a so called man-in-the-middle-attack, putting itself between you and the network. It is essentially a small base station that forces your phone to use it instead of the real network, determines your IMSI, and can then be used to disable or degrade the GSM encryption mode while transmitting your call on to the legitimate network. This mode of operation allows the attacker to directly listen into your calls. The attacker can also disable your phone service and intercept or fake SMS messages to and from your phone.

There are a many different companies producing IMSI catcher devices, and the list is growing rapidly. For a company manufacturing cellular test equipment, developing IMSI catchers is a trivial task. Examples of publicly available IMSI catcher equipment also include regular laptops that are connected to a small portable ‘femtocell’ base station and running publicly available GSM network simulation software.

Even when IMSI catchers are used by legitimate law-enforcement agencies, they frequently affect a high number of calls that are not their target. The resulting number of unintended intercepts is called “by-catch” and is frequently used for all sorts of investigations. Some advanced IMSI catchers are also capable of injecting malware into a mobile phone’s baseband processor over the air.

GSMK CryptoPhones protect against the interception of calls or messages as well as against the injection of malware with an IMSI catcher.

Telecommunications interception has developed into a major industry. Intelligence agencies of all countries routinely try to intercept calls that might yield political, economic, or military information not accessible via other means. Several large intelligence agencies run global surveillance networks that work like a big hoover, sucking in huge amounts of telecommunication data with a vast worldwide system of antennas, special satellites, undersea and land cable taps, backdoors in switching stations, and various other means. The most powerful computing capacities on earth are subsequently used to evaluate the calls, SMS, emails and faxes based on complex sets of criteria, forwarding the ones matching specific criteria to human analysts and database storage.

Today, even small countries run their own sprawling listening and monitoring stations. They also try to get access to the big players’ interception capabilities by trading them access to bases, facilities and interception results. The targets of these listening networks are not very specific. More and more of the capabilities are being used for economic espionage, but of course also to further the intentions of the nation states that paid for them. If you think that these systems are only used in rare cases where national security is at stake, you are wrong. Telecommunications surveillance has become a fairly routine method for intelligence agencies and governments to stay informed on anyone who is even remotely capable of interfering with political or business interests. A set of agreements between intelligence agencies makes sure that the local provisions that hinder them to listen to their own people are not of any consequence.

Other potential listeners work at the various phone companies. All network operators have listening capabilities for the purpose of “network trouble shooting” and “fraud detection”. These capabilities have been used routinely by corrupt phone company employees for their personal gain, selling call data and contents to criminal elements and industry spooks.

Corporate security departments often have their own capabilities for telecommunications interception, especially in high-risk fields such as oil, minerals, etc.

Law enforcement agencies have in the last years acquired an ever-rising set of capabilities, with ever-shrinking restrictions on their use. In almost all cases of even legitimate lawful interception, a significant number of innocent people also got caught in the dragnet of surveillance (so called “by-catch”). Even if state laws require innocent people to be notified, this often does not take place. Legal oversight in most countries is poor at best and routinely circumvented using various pretexts. Trusting that law enforcement agencies use interception carefully and only under strictly warranted circumstances is often not justified. The number of reports about abusive and excessive use of interception without proper cause and even for minor infractions has risen substantially over the past years.

Intercept systems for law enforcement are often designed in such a way as to make it impossible to perform independent reviews on the usage of the surveillance devices. Even simple statistics on the number of interceptions are routinely held secret. The interception technology for law enforcement is also frequently sold by rather dubious companies. Almost all of these manufacturers have strong ties to foreign intelligence agencies. Practically all lawful interception products contain remote maintenance facilities, constituting backdoors. Such a backdoor is of course an interesting bargaining chip on the international intelligence bazaar.

“Lawful interception” also means a very different thing from country to country. In a dictatorship or some other less-than-democratic state, it is frequently “lawful” to intercept anyone at will. The technology for interception is available on the open market and is widely deployed even in the poorest areas of the world. It would be naive to assume that the term “lawful interception” somehow automatically meant that the interception is performed under even the most basic legal oversight.

First of all, the encryption for regular cellular phone calls only protects the link from mobile device to mobile base station. During a call’s entire route through the telephone network (which may again include wireless links) the call is not protected by encryption anymore.

Second, the degree of protection granted by the respective algorithms varies greatly with network generation and algorithm choice: It has been shown over and over again that standard GSM encryption is not good enough to protect your calls. GSM providers claim there is no problem, because a proprietary set of encryption algorithms named A5 is used. They tend to forget to tell you that many varieties of A5 still in current use are weak and that experts have proven time and time again that this encryption is by far not sufficient against a determined listener.

There a four modes of A5 encryption currently in use:

A5/0 means no encryption at all. Even in regular network operation this mode is used from time to time because of technical difficulties or outside interference. In certain countries network operators have been forced to switch back to A5/0 in times of “crisis”. Being between the GSM network and the phone the IMSI-Catcher can also direct telephones to use A5/0. Some network operators switch to A5/0 to save a little bit of bandwidth in times of high network usage. The GSM specification requires phones to indicate to the user when crypto is set to A5/0, but many phones do not to comply with this requirement.

A5/1 is the encryption mode used in Europe and other western countries. It is a bit stronger than A5/2, but can still be broken with moderate resources that are available to any private attacker with sufficient determination.

A5/2 is a weakened encryption mode still used in many countries worldwide. It has been broken time and again in realtime, on a standard personal computer.

A5/3 is the algorithm that was introduced for the next generation of 3G (UMTS) networks and phones (along with the SNOW 3G stream cipher). It is considered to be stronger than A5/2, but A5/3, too, has been shown to be breakable by leading academic researchers.

Only with the advent of 4G (LTE) networks have we seen the introduction of truly modern symmetric encryption algorithms, in particular AES. 5G stand-alone networks also finally add the missing bit of user plane integrity.

So while the latest iteration of mobile network technology has made significant progress in terms of encryption strength for the link between mobile handset and base station, you are still vulnerable to man-in-the-middle attacks (e.g. with an IMSI catcher), and your call is still only encrypted on the link from mobile handset to base station, not on the telco network itself. GSMK CryptoPhones protect you against all kinds of interception, whether over the air (via an IMSI catcher) or in other parts of the network.

All CryptoPhone calls are encrypted with 256-bit keys using AES and Twofish as counter mode stream ciphers. Using both AES and Twofish results in much stronger encryption than using only one algorithm. For the highly unlikely case that a weakness is discovered in one of the algorithms, the use of the second algorithm provides still a sufficient margin of security. The use of the two very strong algorithms is a unique feature of the CryptoPhone. The key used is generated using a 4096-bit Diffie-Hellman shared secret exchange. For CryptoPhone calls a new key exchange is run for every call. For encrypted messaging, the result of an initial key exchange is stored in the secure storage container on the phone and used by means of a hash-chain.

The basic design of a secure phone is to take the voice from the microphone, digitize it and run it through a compression algorithm, before encrypting it and sending it as encrypted data to the other party. The compression algorithm is also called a codec and does with voice what mp3 does with music – making sure it takes up less data.

We invest heavily into our audio engine to give our customers the best experience when doing calls in all possible environments. CryptoPhones use a set of different codecs. The original CryptoPhone code is called CELP, running at 8kHz. The output stream of the codec is 4.8 kbit/s, enabling it to be transported over a 9.6 kbit GSM data call. The new CryptoPhone codec, first introduced with the G10i+ and now integrated in all current-production GSMK CryptoPhones, is a custom development based on ACELP which provides significantly improved sound quality while reducing the necessary bandwidth usage. The ACELP variant has been specifically optimized for an output bandwidth of only 4 kbit/s, so the complete CryptoPhone stream including all overhead data requires less than 4.8 kbit/s. For high-speed network connections, CryptoPhones also provide the OPUS codec with 12 kbit/s. Our software switches automatically between the different codecs such that you as an end user don’t have to worry about it. All voice codecs used in the GSMK CryptoPhone system are constant bit rate (CBR) codecs in order to prevent leakage of information from different codec excitation levels and bit rates.

The speech and sound quality you can expect is comparable to standard phone calls or what you know from common messenger apps. You should note that the overall speech quality depends on the cellular signal quality (if not used in WiFi environments), so degradation does happen in areas with poor network coverage. While in unencrypted mobile communications, the sound quality gets bad and you would experience dropouts as the phone moves out of coverage, with the CryptoPhone, under the same circumstances the call delay can increase.

The ‘source code’ is the blueprint of how the CryptoPhone operates, and computer programmers can read this code. Cryptography/security is a fine art, and one simple error can introduce a serious flaw into the product. Customers of communication security devices have always had to fear not only programming errors, but also so called “backdoors”. Such a backdoor allows certain people to listen into encrypted calls at all times, for instance by revealing (part of) the cryptographic key during the call.

We address this matter and the wider issue of software integrity by allowing clients to review our source code. And even if you do not understand the source code yourself, you may find some comfort in knowing that there is a large academic community that likes a challenge, and is regularly involved in reviews.

The source code is made available strictly for the purpose of security review and validation/certification purposes. A reviewer is only allowed to compile it to verify the correctness of the CryptoPhone binary and is required to delete the resulting binaries afterwards. The fact that we make the source code available for validation purposes does not imply any rights for partial or complete reuse of the source code in free or commercial products. A reviewer also cannot further disseminate the source or port it to other platforms without our permission. We offer different formats of assisted and unassisted source code reviews. Source code reviews for certification/validation purposes and the matching declaratory documentation can be tailored to the framework of the respective national or supranational certification program, while in an academic context the review format may be flexibly adapted depending on the researchers’ needs.

GSMK CryptoPhones are commercial products, just like certain PC-based encryption software, encrypted radios, link encryptors, and other security products. Over two decades of development work have made them the gold standard of the industry, and continued development of the product line will continue to cost significant amounts of money and effort. So while we strongly believe in making our source code available for security reviews, we will not give it away for free. Maintaining the integrity of CryptoPhone development and earning the money to develop the system further are two goals that are unfortunately incompatible with a GPL license. We had to use in the past, and will continue to use in the future where necessary, all applicable legal means to ensure that there will be no unfair competition in the form of other parties using our source code as the basis of a competing commercial product. You are perfectly free to develop a compatible product based on the CryptoPhone protocol, but not by using our source code.

Please read the license agreement that comes with each CryptoPhone for further details.

Please send us an e-mail to support(at)cryptophone.de with a detailed full description and your contact coordinates (PGP encrypted e-mail preferred, see imprint page for our public key). If you prefer to stay anonymous, we are fine with that, but please make very sure we can reach you via an e-mail account of your choice.

We will contact you immediately to acknowledge that we received your message and begin checking into the problem at once. You will get a dedicated contact person assigned for the verification process, to make sure there are no glitches in the communication with you. We will in no way interfere with your right to be named as the discoverer of the problem and acknowledge your findings upon publication. However we kindly ask you to hold publication until we have provided a security update to our users, to make sure they are not left out in the cold with a security problem. Our goal is to have a maximum turnaround period of 30 days between reproduction of the problem and fix, depending on severity and impact. We will inform you on the progress of our fixing efforts on a regular and timely basis.

Finders of serious problems will be awarded the CryptoPhone Award for Extreme Cleverness and a present (guess what…).

There are no restrictions on using the CryptoPhone for use in the EU, Switzerland, Norway, the USA, Canada, Australia, New Zealand, and Japan. To the best of our knowledge, the use of our products in most of Asia, South America and Africa is also unrestricted. In India and several other countries civilian users might be subject to registration requirements. CryptoPhones are not sold to countries that are on any EU embargo list. In addition, the use of CryptoPhones in Russia and other CIS and non-CIS countries is possibly subject to state licensing with which we can not comply. If in doubt, we strongly recommend you check with a competent lawyer or with the authorities in your country. As a general rule, we ship only to countries in which we have authorized resellers or for which we offer direct shipment. We explicitly do not ship to some countries, organizations or individuals, either due to EU and/or German export control regulations or because of our own assessment of the local situation. The use of CryptoPhones in countries or regions that enforce public or informal regulations on encrypted communications is at the sole risk of the user. In countries where this is applicable it is the user’s obligation to obtain any required licenses for operating the CryptoPhone. We cannot be held responsible for any problems that may result.

The best way to procure a phone or system is via your local authorized GSMK CryptoPhone reseller. If there is no such authorized reseller in your country, we will be glad to either direct you to the one nearest to you, or make arrangements for direct shipment from Germany. Please visit the “Contact Us” page for getting in touch with us for that purpose.

No. All sales are final. Each GSMK CryptoPhone is a Communication Security (COMSEC) device that is configured, packaged and security sealed individually for you and is therefore not subject to the two-week return policy for consumer electronics ordered online. The reason is that once a phone has been in the hands of a customer, we cannot sell it to another customer, because there is no economic way to check for all the possible modifications and tampering that could have affected the security of the device. Think of it like the no-returns policy that applies to tailored suits and other similar products. On questions of warranty, see below.

We have a network of authorized GSMK CryptoPhone resellers where you can pay and pick up your CryptoPhone either from stock or within only a few working days after ordering (downpayments may be required). For purchase of complete CryptoPhone systems for large organizations, individual arrangements will apply. For individual orders, we only accept advance payment by bank transfer. We generally ship within 48 hours after receipt of payment. Inside the EU, individual phones can also be shipped Cash on Delivery (COD), at extra cost.

For shipping our products, we use a few selected internationally recognized courier services, depending on destination, volume, and security parameters. We offer a split shipment option where you can select to have us ship devices from one order to multiple locations. We usually ship within two working days after successful payment processing.

Split-shipment is a method for businesses, law firms, NGOs and other private organizations to set up a secure communications network with multiple partners within a short time. You order the required number of devices with one single order, we ship them to different destinations as specified by you. A typical use for this option is for instance when you need to set up a new project team that needs secure communications immediately, or if you discover a problem in an existing communication structure that needs to be resolved quickly. Split-shipment is only available with some forms of payment.

We use a variety of high-security seals and procedures to help make sure the device arrives at your facility as we shipped it. If you want to verify the integrity of the package, please follow the instructions that you can obtain after ordering. Special verification procedures basically require you to send us an e-mail upon reception of the package, but before opening it. You will then immediately receive an e-mail from us with the types and serial-numbers of seals that we used to secure your package as well as pictures of where and how the seals were placed. We may at our discretion also include information on additional hidden security markers used for your package.

All orders are shipped directly from our secure production facilities without unnecessary delays. If you are ordering via one of our resellers, resellers are required to notify you immediately when the shipment arrives, hand you the fully sealed package and envelope with all seals intact, and store both in a secure place until you pick up the CryptoPhone.

All mobile, satellite and desktop CryptoPhones come with a one-year manufacturer warranty. In the unlikely event that your CryptoPhone needs warranty repairs, please contact us first at service(at)cryptophone.de, so we can inform you about the detailed warranty and shipment procedure. Please be aware that certain fees for shipment and security sealing might apply. You must obtain a Return Merchandise Authorization (RMA) number before returning any equipment to us. Return shipments without a confirmed RMA number will be ignored. Please note that the batteries of mobile CryptoPhones are subject to wear and tear and not covered by the warranty.

We offer firmware updates for the CryptoPhone, e.g., when additional features become available for your device. Updates are made available via our cryptographically signed over-the-air (OTA) update mechanism. If your CryptoPhone is part of a private CryptoPhone IP infrastructure, your organization may operate its own update servers. Updates generally fall into two categories: Security updates and feature updates. Security and maintenance updates are made available in case a security or operational problem has been discovered. These updates are always available free of charge, and will be made available for as long as the product they apply to is supported. Feature upgrades enhance the functionality of the CryptoPhone, and may be sold or offered for free download.