Encrypted cell phone foils eavesdroppers

Berlin company CryptoPhone releases a GSM mobile handset that uses encryption technology to ensure that calls can't be intercepted.

Declan McCullagh
Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
2 min read
A Berlin company has developed a cell phone designed to be impenetrable to eavesdroppers.

CryptoPhone, a unit of privately held GSMK, said a European model of its encrypted GSM (Global System for Mobile Communications) phone is available immediately for $2,270 (1,900 euros), and a U.S. configuration will ship by the end of the year. Two CryptoPhones are necessary to have a secure conversation.

 "It's the only option people currently have to get trustworthy mobile encryption," Frank Rieger, GSM technical director at CryptoPhone, said in an interview Tuesday.

Other companies have developed mobile devices that use encryption, including Siemens' TopSec GSM phone and Motorola's CipherTAC module for its flip phones.

But CryptoPhone is unique in that its phone is cheaper, and the complete source code to its encryption software is available, allowing independent auditors to check for accidental bugs and intentional backdoors. For encryption, CryptoPhone uses AES256 and Twofish, two algorithms considered to be among the strongest available.

Interception of GSM calls is illegal in most, if not all, nations, but equipment to sniff and decode phone calls is readily available. GSM spy gear claims to "auto detect," decode and record conversations and "target specific numbers or randomly screen GSM mobile communication." The GSM standard itself includes a limited form of encryption, but Israeli researchers recently discovered a basic flaw in it.

"This is something that is no longer theoretical," Rieger said. "This is something that you can expect every private investigator to have in his toolset."

CryptoPhone's Web site also mentions possible eavesdropping by the National Security Agency and warns that "law-enforcement agencies have in the last years acquired an ever-rising set of capabilities, with ever-shrinking restrictions on their use." In 1998, the Los Angeles Police Department was discovered to have illegally wiretapped hundreds of telephones in violation of the law.

To make a CryptoPhone, the company buys an off-the-shelf phone from a Taiwan manufacturer (sold in the United States as an AT&T SX56) and loads its encryption code into it. The company also plans to release free encryption software for Windows computers on Nov. 23 that will interoperate with its GSM units.