26 April 2010

Did Anyone Else Notice That?

There are 4 variants of GSM's A5 stream cipher, the algorithm used to secure subscriber connections over the radio link:

  • A5/0. No encryption at all.
  • A5/1. "Stronger" encryption. This option is supposedly provided only on base station equipment delivered in North America and Europe.
  • A5/2. Weak encryption, exported to the rest of the world. The GSMA declared A5/2 obsolete in 2006 and mandated that it be phased out in networks and not supported in new handsets. I think.
  • A5/3. True strong encryption, being phased in for UMTS systems and proposed as an upgrade for GSM systems.
My first question for anyone who happens to be reading this: What, specifically, was the GSMA's 2006 mandate regarding A5/2? Can anyone point me to an authoritative document?

My second question is more vexing. Let's assume for a minute that I really do have my facts right. Suppose you are using a post-2006 GSM phone somewhere outside of North America and Europe. The carrier's equipment isn't supposed to support A5/1. Your handset isn't supposed to support A5/2. A5/3 isn't available yet in non-UMTS networks. So what A5 variant are you using?
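As an added illustration of the second question (this is example code written for this page, not anything from the post or from any GSM stack), here is a simplified model of cipher-mode selection between a handset and a base station: each side advertises the A5 variants it supports, the network picks the strongest one in common, and A5/0 is the fallback when nothing else matches. The preference order, the `Party` type and the `audit` helper are assumptions of this model, not a transcription of the 3GPP signalling; the model is general, so it also covers the other combinations the comments mention.

```python
# Added example, not from the original post: a toy model of GSM cipher-mode
# negotiation. Preference order and the A5/0 fallback are assumptions here.
from dataclasses import dataclass

# Strongest first. A5/0 means "no ciphering" and can always be selected.
PREFERENCE = ("A5/3", "A5/1", "A5/2", "A5/0")

# Variants the post treats as unacceptable outcomes.
WEAK = frozenset({"A5/0", "A5/2"})


@dataclass(frozen=True)
class Party:
    name: str
    supports: frozenset  # e.g. frozenset({"A5/1", "A5/0"})


def negotiate(ms: Party, bss: Party) -> str:
    """Return the strongest A5 variant both sides support (A5/0 if none)."""
    common = (ms.supports & bss.supports) | {"A5/0"}
    for alg in PREFERENCE:
        if alg in common:
            return alg
    return "A5/0"


def audit(ms: Party, bss: Party) -> dict:
    """Negotiate and report whether the result is weak or a downgrade.

    'downgraded' is True when the handset could have done better than what
    the network was willing to offer, i.e. the link was bid down.
    """
    chosen = negotiate(ms, bss)
    ms_best = next(a for a in PREFERENCE if a in (ms.supports | {"A5/0"}))
    return {
        "chosen": chosen,
        "weak": chosen in WEAK,
        "downgraded": PREFERENCE.index(chosen) > PREFERENCE.index(ms_best),
    }


def scenarios() -> dict:
    """Constructed scenarios: each pairs a handset with a network (not real data)."""
    new_ms = Party("post-2006 handset", frozenset({"A5/1", "A5/0"}))
    old_ms = Party("pre-2006 handset", frozenset({"A5/1", "A5/2", "A5/0"}))
    export_bss = Party("A5/2-only network", frozenset({"A5/2", "A5/0"}))
    a51_bss = Party("A5/1 network", frozenset({"A5/1", "A5/0"}))
    return {
        "new_ms_on_export_bss": audit(new_ms, export_bss),  # falls to A5/0
        "old_ms_on_export_bss": audit(old_ms, export_bss),  # gets weak A5/2
        "new_ms_on_a51_bss": audit(new_ms, a51_bss),        # gets A5/1
    }
```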


  1. Here in South Africa we follow European regulations. I'm guessing that most countries which are part of the British Commonwealth (or as I like to call them - Cricket playing countries) follow the same regulations.

    A big part of Africa will also have the same standards through MTN.

    A guy from China once told me that in communist countries there isn't any encryption... I'm not sure about that.

  2. Sylvain Munaut, 27 April 2010, 04:46

    Yes David, I wondered the same thing :)

    And new phones definitely refuse A5/2, I checked ... So I guess if you're in such a country that has only A5/0 and A5/2 ... well, you're using A5/0 ...

    Note that the A5/1 export restriction is no longer enforced AFAIK ... but operators might not have upgraded. I know that some operators in China have A5/2 only.

  3. I found a number of articles where it says that in Russia all carriers use A5/1 (this is most likely true), whereas in most European countries A5/2 is used. I personally doubt the latter, but I don't have the information.

    P.S. I recall that the iPhone's FieldTest could give me the algorithm used, I'll try it in a while.

  4. I've just checked and all three mobile operators here in Moscow, Russia (MTS, Beeline, Megafon) use A5/1.

    Now I'll have to check whether my new phones support A5/2. I have ASUS P750, Motorola Milestone and HTC Nexus One near my hands.

  5. Probably a stupid remark, but A5/3 aka Kasumi has received a shattering blow because cryptanalysis showed it was weak.

    However, good question

  6. Hello David,

    I think you're looking for this piece from late 2004:

    "The successful phase out of A5/2 requires all operators to remove the algorithm from their BSS equipment and manufacturers to use A5/1 in all new GSM-enabled handsets. A project team has been established to oversee and manage the withdrawal of A5/2 and GSMA's Security Group will have a key role to play in terms of communicating the implications and options available to network operators and to monitor compliance with agreed collective action.

    The requirement for network operators currently using A5/2 to upgrade their BSS equipment is significant but absolutely necessary to mitigate the emerging risks. The willingness of operators to withdraw A5/2 from their networks is critical to safeguarding the industry and, as most operators upgrade their BSS software at least once annually, it is believed that the upgrade from A5/2 to A5/1 could be incorporated in scheduled network upgrades. Failure to execute the upgrade by any operator will expose its roaming partners, and their customers, to increased levels of risk. It is therefore critical that every network undertakes the BSS upgrade by end 2006."

    Find the whole thing here, Ctrl-F for "End of Line for A5/2"


  7. Thomas -

    Thanks. That's useful and specific.

    So here's the next question. Was the export restriction ever lifted on A5/1, or does the GSMA still limit it to CEPT and COCOM states?

  8. David,

    This is from the same source:
    "GSMA has been granted permission to extend the range of countries to which A5/1 can be distributed and this affords A5/2 operators the opportunity to enhance the security of their networks by upgrading to A5/1."

  9. Hi,
    Does anyone know which GSM networks have upgraded their encryption algorithm to A5/3 anywhere in the world?

  10. Hi all
    I'm Pooyan Zamanian, graduated in IT (from Polytechnic of Tehran). We are working on a project to examine the security of our homeland Mobile Network.
    I need information about specifications of attacks on GSM such as man-in-the-middle, Fake BTS, Fraud and so on, about the tools and software, and also the instructions needed to do a testical attack. Can you help me please? Where can I find such information?

    I'll be very glad if you could help me :)


  11. I would say that the #1 security problem with your home mobile network is that its operators have far too cozy a relationship with your domestic intelligence services. And I'm not sure I even want to know what a "testical attack" is.

  12. That does sound horrible. ouch. :)


  14. # Alexander.
    How could you see if the network were A5/1?
    Was it because it said: ciphering 1 inside: fieldtest, network information?

  15. 2Anonymous:
    I captured own conversations with Nokia 3310, decoded them with Wireshark and looked at what network offers.

    PS When you ask questions, it's better to name yourself.

  16. # Alexander
    Thanks for your quick answer.
    Do you know what the "value 1" on iPhone, fieldtest, network information, ciphering is?

  17. 2Peter
    No idea. I don't use iPhone, ever.

  18. #Domo
    Do you have an answer to my question?