
June 22, 2012

Highly secure mobile phones

(Updated: April 9, 2016)

In the previous post we saw that ordinary mobile phones offer only limited protection against eavesdropping. Therefore, special devices are designed to keep conversations safe. Here we will list a range of mobile phones, which offer a high level of security and are therefore suited for top level telecommunications.

The following information is gathered from the internet, only to provide a general overview. For more information, provided by the manufacturer, please click the yellow section title or the fact sheet.



- For government and military use -


General Dynamics: Sectéra Wireless GSM Phone

- Produced from 2002-2012 by the American company General Dynamics Corp.
- For GSM and GPRS networks.
- Ordinary Motorola Timeport GSM phone, with a special Security Module attached at the back side of the phone, replacing the battery cover.
- Approved by the NSA for conversations up to the level of TOP SECRET and by NATO for up to COSMIC TOP SECRET. This phone is also used by the British government for mobile communications up to the level of SECRET.
- Encryption with US Type 1 and approved Suite B (including AES and ECDH) encryption algorithms.
- There are slightly modified modules for the UK, Canada, Australia and New Zealand. There's also a version, using the AES algorithm only, which is exportable to other countries.
- The price of this phone is 2.095,- US dollars.
- More details in the factsheet (pdf)

> As of 2013, General Dynamics replaced this phone with GD Protected, a platform for securing high-end Samsung and LG smartphones.



Sectra: Tiger XS

- Produced since 2005 by the Swedish company Sectra AB.
- For GSM and UMTS networks.
- This is a personal encryption device, which is connected in between a headset and an ordinary mobile phone (via Bluetooth). Voice data are encrypted by the device, before going into the non-secure telephone.
- Two factor user authentication with SIM-sized access card and PIN code.
- Approved in the Netherlands, by the European Commission and by NATO for conversations up to the level of SECRET. In 2011, the Tiger XS was used in 17 European countries.
- Since 2007, a slightly modified version of this device is used by Dutch cabinet ministers and high-level officials of government departments and the Dutch armed forces.
- More details in the factsheet (pdf)



Sectra: Tiger 7401

- Produced since 2012 by the Swedish company Sectra.
- For GSM, GPRS, EDGE and UMTS networks.
- Custom made mobile telephone with TEMPEST verified design and tamper response, providing Red and Black interfaces for secure and non-secure connections.
- Two factor user authentication with SIM-sized access card and PIN code.
- Approved in the Netherlands for conversations up to the level SECRET (STG GEHEIM); approval for the European Union and NATO is pending.
- For Dutch high-level military officials this phone will replace the Tiger XS device in the course of 2014.
- More details in the factsheet (pdf)



Rohde & Schwarz: TopSec Mobile

- Produced since 2008 by the German company Rohde & Schwarz GmbH.
- For GSM and UMTS networks.
- This is a separate encryption device, which is connected in between a headset and a smart phone (both iPhone and Android) with Bluetooth connection. Voice data are encrypted by the device, before going into the non-secure telephone.
- Approved in Germany for conversations up to the level of RESTRICTED (Verschlusssache/Nur für den Dienstgebrauch).
- The device secures the key exchange with a 384-bit key ECC algorithm and encrypts the voice data with AES, using a 256-bit key.
- More details in the factsheet (pdf)



Secusmart: SecuVOICE

- Produced since 2008 by the German company Secusmart GmbH.
- For GSM and UMTS networks. There are separate solutions for voice, SMS and e-mail communications.
- Common high-end Nokia phones are secured by a tamper-proof chip in the format of a microSD card, which is inserted in the memory card slot of the phone.
- Approved by German, Dutch and NATO agencies for conversations up to the level of RESTRICTED.
- Communications are secured by 128-bit AES encryption and keys are exchanged using the Elliptic Curve Diffie Hellman (ECDH) protocol.
- This solution was implemented for securing voice communications of the German federal government in 2009, including those through the Nokia 6260 Slide phone of chancellor Angela Merkel.
- More details in the Secusmart overview (pdf)

> Secusmart provided a similar security solution for the BlackBerry 10 smartphones, which became available for German government officials in 2013. See: How secure is the Merkel-Phone?



Thales: Teorem

- Produced since 2008 by the French company Thales Group SA.
- For GSM, GPRS, EDGE and UMTS networks.
- Custom made handset, with a second display, showing whether the call is secure or not.
- Approved in France for conversations up to the level of SECRET (Secret Défense).
- In 2010, the French government ordered over 14.000 of these phones, to be used by the president, ministers and high officials of the armed forces and the various ministries that deal with classified defence information.
- The price of this phone is said to be around 1.500,- euros.
- More details in the factsheet (pdf)



Telsy: TSM T3

- Produced since 2009 by the Italian company Telsy S.p.A.
- For GSM and UMTS networks.
- Custom made telephone handset, with proprietary hardware and software design.
- Encryption with AES, using 256-bit keys and asymmetric ECCDH key exchange, or, on demand, proprietary and custom made algorithms. Interoperable with CryptoPhone equipment.
- Also sold by the Scottish company Bridge Systems Ltd.
- More details in the factsheet (pdf)



- For government and commercial use -


Omnisec: Secure Mobile Phone Omnisec 230

- Produced by the Swiss company Omnisec AG.
- For GSM, EDGE and UMTS networks.
- Common HTC smart phone with hardened Android operating system. The encryption engines are stored on a single chip, which is inserted into the phone like a SIM-card.
- Encryption with Omnisec proprietary algorithms using 256-bit keys.
- The price of this phone is said to be around 25.000,- Swiss francs (although 2500,- francs seems to be more realistic).
- More details in the factsheet (pdf)

> For a demonstration, see: Swiss video on mobile phone security



Crypto AG: Crypto Mobile HA-2400

- Produced by the Swiss firm Crypto AG.
- For EDGE and UMTS networks.
- Common high-end Nokia smart phone from the E-series, with Symbian operating system. The crypto capabilities are provided by a single tamper-proof chip (the Crypto Mobile HC-9100) in the format of a microSD card, which is inserted in the memory card slot of the phone.
- Encryption with a customer specific cipher algorithm HCA-820, using 128 or 256-bit keys.



Tripleton: Enigma E2

- Produced since 2012 by the British company IntSec Ltd.
- For GSM and GPRS networks.
- The phone uses the Enigma encryption system developed by the T-Systems/T-TeleSec division of Deutsche Telekom. This followed a request from former German Chancellor Gerhard Schröder, after he was hacked in the 1990s.
- This Enigma system was first used in a mobile phone which has been sold in Germany since 2002 (for 3.200,- euro) by the Beaucom Group.
- Encryption with AES, using a 256-bit key, which is exchanged via 1024-bit RSA.
- The price of this phone is 1.320,- pounds sterling.



GSMK: CryptoPhone 400

- Produced by the German company Gesellschaft für Sichere Mobile Kommunikation mbH (GSMK).
- For GSM and UMTS networks.
- Customized HTC mobile phone, with the operating system being a stripped down version of Windows Mobile. There are various other models available.
- Encryption with Twofish and AES in parallel, both with 256-bit key length, exchanged using a 4096-bit key Diffie-Hellman algorithm.
- In 2001, the Dutch hacker and digital rights activist Rop Gonggrijp started to work on a highly secure phone, which was eventually launched in 2003 as the CryptoPhone 100.
- For the United States, the GSMK CryptoPhones are manufactured and sold by the Las Vegas based company ESD America Inc.
- The price of this phone is 2.618,- euros.



Other manufacturers

Some other, predominantly commercial secure mobile voice solutions are also provided by companies like SecurDigital in the US, Nabishi in the UK, PrivateWave from Switzerland, CasperTech from Italy, GeeksPhone from Spain, SecurStar from Germany, Compumatica from The Netherlands, and Gold Lock from Israel. Encrochat is also a highly secured and customized cell phone, made by a small company from Canada.


Encryption methods

All these phones use a hybrid cryptosystem, in which the conversation is encrypted with a very strong symmetric cipher, often AES with a 256-bit key. This key is then encrypted with a public-key cryptosystem, like RSA or ECC, and transmitted together with the encrypted message. Only the intended recipient can then decrypt the key and subsequently the message. This method provides end-to-end security all the way through the public telephone network.
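The key-transport scheme described above, as an added Go example that is not taken from any of the listed products: a fresh AES-256 session key encrypts the frame and is itself wrapped with the recipient's RSA public key. The choice of AES-GCM, RSA-OAEP with a 2048-bit key, and the names `Packet`, `Seal`, `Open` and `recipient` are assumptions made for this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Packet crosses the public network: wrapped session key plus ciphertext.
type Packet struct{ WrappedKey, Nonce, Ciphertext []byte }
// recipient is a constructed demo key pair (2048-bit RSA) for the called party.
var recipient, _ = rsa.GenerateKey(rand.Reader, 2048)

// gcm builds AES-256-GCM; callers guarantee a 32-byte key, so it cannot fail.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Seal encrypts a frame under a fresh session key, then RSA-OAEP-wraps that key.
func Seal(pub *rsa.PublicKey, frame []byte) (*Packet, error) {
	buf := make([]byte, 32+12) // 256-bit session key, then 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	return &Packet{wrapped, buf[32:], gcm(buf[:32]).Seal(nil, buf[32:], frame, nil)}, nil
}

// Open unwraps the key and checks sizes first: a wrong-length nonce would panic GCM.
func Open(priv *rsa.PrivateKey, p *Packet) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, p.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(p.Nonce) != 12 {
		return nil, fmt.Errorf("packet rejected")
	}
	return gcm(key).Open(nil, p.Nonce, p.Ciphertext, nil)
}

func main() {
	p, _ := Seal(&recipient.PublicKey, []byte("constructed voice frame"))
	frame, err := Open(recipient, p)
	fmt.Printf("%q %v\n", frame, err)
}
```

Because GCM is an authenticated mode, `Open` returns an error instead of garbled audio when a frame has been modified in transit.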


Security considerations

The most secure mobile phones are made by defense contractors, often primarily for use by national government and military officials. This is because using telephones, or any other communication device, made by a foreign company always bears the risk of secret backdoors, allowing easy access to the encrypted conversation.

Countries, and also international organisations, without their own production facilities for military grade encryption equipment often go to companies in small or neutral nations, where they expect to have the least damage in case there would be a hidden backdoor.

Another inevitable risk of mobile phones is using them in (public) places where conversations can easily be overheard by other people or by listening devices. This threat can be countered with secure wireline desktop phones, installed in rooms which are secured against eavesdropping.

This is also one of the reasons why conversations at the highest level (TOP SECRET/SCI in the United States, TOP SECRET elsewhere) are often restricted to dedicated wireline circuits.


> See also: How Obama's BlackBerry got secured



Links
- Motherboard.Vice.com: Canada Bought $50 Million Worth of 'Secure' Phone Systems from the NSA
- OSNews.com: The second operating system hiding in every mobile phone

May 30, 2012

Swiss video on mobile phone security



This is an informative video from the Swiss television program Einstein, about the potential threats and risks of mobile cell phones:





The phone shown in this report is the Secure Mobile Phone Omnisec 230 (fact sheet in PDF), made by the Swiss firm Omnisec AG. This is a modified HTC smart phone, with a hardened Android operating system, and with all applications that pose a risk (like Bluetooth and GPS) removed. The microSD Security Module provides encryption with a 256-bit key length to secure communication for classification levels up to Top Secret. However, the cost for two such phones is said to be around 50.000,- Swiss francs.


UMTS

For most people, a far more affordable way to get better security for cell phone communication is just to use the UMTS or 3G mobile network, instead of GSM. Where GSM only has authentication of the user to the network, UMTS uses mutual authentication, which means the mobile user and the network authenticate each other. This prevents a so-called "man-in-the-middle attack" using false base stations. UMTS also uses stronger encryption algorithms (KASUMI-based 128-bit key algorithms) for securing the voice and data during the radio transmission between the handset and the base station. For this, GSM uses the rather weak A5/1 algorithm with only a 64-bit key.
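A simplified model of the one-way versus mutual authentication described above, as an added Go example that is not part of the original post: HMAC-SHA256 stands in for the operator's f1/f2 functions, the network's authentication token is reduced to a sequence number and a MAC, and the freshness check is a plain "strictly greater" comparison. All names and values are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// f stands in for the f1/f2 functions (MILENAGE in deployed networks);
// HMAC-SHA256 with a domain tag is an assumption of this sketch.
func f(k []byte, tag byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, k)
	m.Write(append([]byte{tag}, bytes.Join(parts, nil)...))
	return m.Sum(nil)[:8]
}

// Challenge: GSM sends only Rand; UMTS adds AUTN, reduced here to Sqn and Mac.
type Challenge struct{ Rand, Sqn, Mac []byte }

// USIM holds the subscriber key K and the last sequence number it accepted.
type USIM struct{ K, Sqn []byte }

// NetworkChallenge is the home network's side; Mac requires knowledge of K.
func NetworkChallenge(k, rnd, sqn []byte) Challenge {
	return Challenge{rnd, sqn, f(k, 1, sqn, rnd)}
}

// GSMRespond answers any RAND, so a false base station gets a valid reply.
func (u *USIM) GSMRespond(c Challenge) []byte { return f(u.K, 2, c.Rand) }

// UMTSRespond checks the network's MAC and freshness before answering.
func (u *USIM) UMTSRespond(c Challenge) ([]byte, error) {
	if !hmac.Equal(c.Mac, f(u.K, 1, c.Sqn, c.Rand)) {
		return nil, errors.New("network not authenticated")
	}
	if bytes.Compare(c.Sqn, u.Sqn) <= 0 {
		return nil, errors.New("stale SQN, challenge replayed")
	}
	u.Sqn = c.Sqn
	return f(u.K, 2, c.Rand), nil
}

func main() {
	u := &USIM{K: []byte("constructed-key!"), Sqn: []byte{0, 0, 0, 0, 0, 1}}
	fake := Challenge{Rand: []byte("attacker-chosen!"), Sqn: []byte{0, 0, 0, 0, 0, 9}, Mac: make([]byte, 8)}
	_, err := u.UMTSRespond(fake)
	fmt.Printf("GSM reply %x, UMTS: %v\n", u.GSMRespond(fake), err)
}
```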

Nowadays, UMTS services are widely available in western countries and accessible through high-end smart phones like the popular iPhone 3G and the Samsung Galaxy i9000 series. However, it should be noted that the use of the UMTS network still bears the risk of intrusions through unsafe applications and malware. Furthermore, UMTS does not provide any end-to-end encryption or authentication between one user and the other. Traffic between the fixed network stations is still unencrypted and there's authentication only between users and the network provider.


BlackBerry

Another affordable option for more secure mobile communication is using the BlackBerry smart phone, which is very popular amongst business people and government officials. A BlackBerry encrypts data (including e-mail, but excluding voice) that travels between the handheld device and the BlackBerry Enterprise Server by using either Triple DES or, for the latest models, AES with a 256-bit key. This allows the BlackBerry to be the only consumer handheld device certified for use by government agencies of the US, the UK, Canada and Australia. But again: this only applies to e-mail messages and not to voice conversations.

So, people who want or need the certainty of strictly private phone calls from one person to another have to ensure that through extra applications or specialized hardware features, for example the aforementioned Omnisec phone or a variety of other highly secure mobile phones.

Update:
In November 2020, the Swiss broadcaster SRF reported that not only Crypto AG sold weakened encryption devices, but that one of its largest competitors, Omnisec AG, did the same, selling less secure devices from their 500-series even to Swiss federal agencies and the UBS bank. Omnisec was founded in 1987 and dissolved in 2018.


Links
- Application for Secure deletion on Android
- Overview of GSM and UMTS Security
- Paper about Cryptographic Algorithms for UMTS (PDF)
