Slashdot Mirror

← Back to Stories (view on slashdot.org)

GSM Decryption Published

Posted by ScuttleMonkey on from the spend-the-money-on-tech-instead-of-lawyers dept.

Hugh Pickens writes "The NY Times reports that German encryption expert Karsten Nohl says that he has deciphered and published the 21-year-old GSM algorithm, the secret code used to encrypt most of the world's digital mobile phone calls, in what he called an attempt to expose weaknesses in the security system used by about 3.5 billion of the 4.3 billion wireless connections across the globe. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. 'This shows that existing GSM security is inadequate,' Nohl told about 600 people attending the Chaos Communication Congress. 'We are trying to push operators to adopt better security measures for mobile phone calls.' The GSM Association, the industry group based in London that devised the algorithm and represents wireless operators, called Mr. Nohl's efforts illegal and said they overstated the security threat to wireless calls. 'This is theoretically possible but practically unlikely,' says Claire Cranton, a GSM spokeswoman, noting that no one else had broken the code since its adoption. 'What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.' Simon Bransfield-Garth, the chief executive of Cellcrypt, says Nohl's efforts could put sophisticated mobile interception technology — limited to governments and intelligence agencies — within the reach of any reasonable well-funded criminal organization. 'This will reduce the time to break a GSM call from weeks to hours,' Bransfield-Garth says. 'We expect as this further develops it will be reduced to minutes.'"

35 of 299 comments (clear)

  1. Pna lbh urne zr abj? by Tackhead · · Score: 4, Funny
    Pna lbh urne zr abj?

    Jul lrf, V pna!
    - AFN

    1. Re:Pna lbh urne zr abj? by chaboud · · Score: 4, Interesting

      Is this encryption only secure until I tell people that this is ROT-13?

      That's it. We should just ROT-13 GSM traffic.

      And that, kids, is the point. This should be "+1, Troll rating was idiotic."

    2. Re:Pna lbh urne zr abj? by Anonymous Coward · · Score: 5, Funny

      Is this encryption only secure until I tell people that this is ROT-13?

      Yes, but what you are doing is illegal in Britain and in the United States.

  2. Ha Ha by stox · · Score: 4, Insightful

    What the operators really want is something secure enough so you can't practically listen to a politician's conversations, but open enough so the state can listen to any citizen's conversation. All in the same of National Security. We will only be secure when the reverse is true.

    --
    "To those who are overly cautious, everything is impossible. "
    1. Re:Ha Ha by mysidia · · Score: 4, Insightful

      No... that's not an issue the operators need be concerned with. The government can listen in regardless, through FISA, CALEA, Patriot Act, Lawful Interception technologies on the carrier's networks.

      I wish I could elaborate further on the matter, but that's a dangerous proposition.

      One reason to stick with simpler encryption technology, is it's a cheaper, commodity part. New algorithms take time to develop: R and D costs, mean more expensive products, not to mention the requirement to replace expensive network infrastructure in order to adopt new standards.

    2. Re:Ha Ha by QuoteMstr · · Score: 4, Informative

      As another poster mentioned, the government can already get a wiretap easily enough without having to break the cipher.

      I am sick and tired of conspiracy theories. Remember the sage advice to never attribute to malice what can be adequately explained by incompetence.

    3. Re:Ha Ha by zippthorne · · Score: 4, Insightful

      Fortunately, AES is more than capable enough to protect everyone's calls, and current gen phone microcontrollers are more than capable of handling it. And there are other ciphers as well that are as yet unbroken. All they need to do is add or replace an encryption layer with one of 'em.

      Sure, it's not trivial, and neither is the key distribution problem, but it's not impossible. It's not even impractical. It's just more expensive than doing nothing at all. When you factor in the billable hours for the lawyer to demonize people, i'm not even sure you come out ahead by not putting in proper encryption.

      --
      Can you be Even More Awesome?!
  3. And this is a nearly unsolveable problem. by chaboud · · Score: 5, Insightful

    We allow people to fear-monger by saying that this can allow criminals to decrypt calls more easily, but, if a couple of dozen hackers at a conference can piece this together through brute-force-ish tactics, are we sure that others haven't already? That's the point that they've made, a point entirely lost in the article.

    This does *next-to-nothing* to make the system less secure. It was insecure to begin with. Regulations rendering the dissemination of code-breaking and system-compromising codes and techniques illegal aren't there to protect our data security. They're there to allow companies to use inadequate security measures without public shame.

    Of course, this is Slashdot. Anyone who doesn't already know that security through obscurity is ridiculous is an idiot (or a troll). Anyone who relates cryptographic security to fake-rock-key-hiding and calls that rock obscurity (inevitable in a story like this) is just a troll.

    1. Re:And this is a nearly unsolveable problem. by Anonymous Coward · · Score: 5, Insightful

      I have never understood why systems like GSM, Wifi, or whatever didn't or don't use well known crypto algorithms (and already implemented in hardware even). Very smart people have already done the hard work and it has been time tested and proven secure. DES (and by extension 3DES) encryption has been available for a long time, long before GSM "encryption" was invented. Why didn't they just use that? New systems should be using AES or equivalent modern and proven algorithms.

      What the hell is wrong with the morons that designed these standards? Cryptography is one of the hardest mathematical fields out there, attempting a home-grown solution is absurd and wasteful.

      It seems like the Wifi groups finally got the hint when they introduced AES to the WPA standard. Why it took them so long baffles me. As I mentioned, we have had good hardware implementation that can do secure crypto work for ages and ages. I mean most of the algorithms like DES and AES are designed to be implemented in hardware.

    2. Re:And this is a nearly unsolveable problem. by QuoteMstr · · Score: 5, Informative

      There are differing levels of obscurity and differing levels of difficulty to get useful information out of the obsfucation, but in the end, its all just security through obscurity.

      That's a strawman. You're using "obscurity" with two subtly different meanings. The OP's point is that the secret of a system should not depend on the algorithm; that is, a restatement of Kerckhoff's principle, which says that a system's security should reside in the key. When someone invokes the phrase "security through obscurity", what we mean is a system that violates Kerckhoff's principle and places essential details in the cryptosystem itself, which is far more difficult to keep secret than a key.

      "Obscurity" of the key and "obscurity" of the cryptosystem are distinct concepts that shouldn't be conflated, but you did just that. Perhaps it is you who should refrain from commenting on security.

    3. Re:And this is a nearly unsolveable problem. by Surt · · Score: 4, Interesting

      It's a strange design given that they have unfettered access to the unencrypted backbone transmission. Why not just do the spying there, and use real security between cell and base? It gives you a real feeling of security, and them the same level of spying capability.

      --
      "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
    4. Re:And this is a nearly unsolveable problem. by chaboud · · Score: 4, Informative

      When someone who understands cryptographic security says "security through obscurity isn't security at all," they typically mean that knowledge of the algorithm shouldn't provide any significant benefit to an attacker. In other words, the exchange should be computationally secure even if attackers know the mechanism of encryption/decryption. In cases of public/private key encryption, the exchange should be computationally secure even if attackers know the public key.

      The "obscurity" of a private key, for instance, isn't the obscurity that we're talking about. You either don't know that, or you're just out to rag on me (didn't get what you wanted for chanuquanchristmasolstice?). Whatever. My initial point, that A5/1 is naturally insecure (subject to known-plaintext attacks and hit by relatively-easily-generated rainbow tables) and this project highlights that, still stands.

      I have no need to get into a credentials-off with someone on Slashdot, but I'll happily discuss the more technical aspects of cryptography with anyone interested/interesting, yourself included.

      Honestly, I suspect that a few things are in play here:
      - A5/1 is relatively easy to implement in limited hardware.
      - Much of the existing infrastructure hardware has code that either sits in ASICs (this seems unlikely at this point) or bolted-into-a-box firmware that would require costly re-flashing.
      - Companies aren't forced by consumers to provide genuine security.
      - Most phone calls are *really* boring, and most of us honestly have nothing that we feel is worth hiding (I'm not saying that this sentiment is a good one in general).

      I would like to think that the public will eventually get wise and call, globally, for the use of cryptographic algorithms that are more genuinely secure, even against government intrusion, but I know that this is next to impossible. Phone companies did a cost/benefit analysis on this one long ago and decided that the encryption that they were using was sufficient. With public awareness, the costs/benefits of modernization have changed (fractionally). In general, this is good news.

    5. Re:And this is a nearly unsolveable problem. by Nimey · · Score: 4, Insightful

      At a guess, they didn't use DES back when because DES is computationally intensive, i.e. slow. This is especially important when you've got a small-for-the-day device that runs on batteries and must provide something approaching real-time performance.

      --
      Hail Eris, full of mischief...

      E pluribus sanguinem
    6. Re:And this is a nearly unsolveable problem. by dachshund · · Score: 5, Insightful

      I have never understood why systems like GSM, Wifi, or whatever didn't or don't use well known crypto algorithms
      A combination of factors:

      1. GSM is very old (for a digital standard). The more robust cryptographic algorithms known at the time were enormously expensive on the limited hardware available (this is back in the 80s or so).

      2. GSM was created by a consortium of manufacturers and national governments. Germany in particular was very concerned about calls being eavedropped by the eastern block; countries like France wanted the ability to (more) easily monitor calls. The France block won the negotiation.

      3. Cryptographic techniques have been evolving, even over the past decades. Cracking hardware has gotten faster (distributed computing, FPGAs) and researchers have developed a lot of expertise at breaking symmetric ciphers. Key sizes that seemed appropriate really aren't anymore.

      4. Carriers don't really give a crap about theoretical weaknesses. Unless you can buy a call decryptor on Amazon it doesn't count to them. And even then it's probably still not worth the money to upgrade.

      Wifi does use well known cryptographic algorithms, at least if you use WPA-AES, not WEP or the TKIP hack, both of which were designed to enable secure communications on very weak chipsets.

    7. Re:And this is a nearly unsolveable problem. by plover · · Score: 4, Insightful

      I have never understood why systems like GSM, Wifi, or whatever didn't or don't use well known crypto algorithms (and already implemented in hardware even).

      Because 22 years ago when it was developed, the processing power and electrical power requirements required for DES to keep pace with a voice stream with automatic error recovery and no more than about 100 milliseconds of delay would likely have been prohibitively expensive for a device intended for the mass market. In addition, the U.S. government's ITAR/EAR restrictions would have made it almost impossible to import or export such devices into or out of the country, and ignoring the U.S. cell phone market could have meant financial ruin for the cell phone makers.

      A5/1 probably got laughed at by the NSA wonks, who said, "Sure, let them import it."

      And for those who would point out it's a European standard that doesn't care about American laws, the French have placed far more restrictions on encryption than the U.S. government ever has. Strong encryption would have cut both of those markets out.

      --
      John
    8. Re:And this is a nearly unsolveable problem. by dkf · · Score: 4, Interesting

      At a guess, they didn't use DES back when because DES is computationally intensive, i.e. slow. This is especially important when you've got a small-for-the-day device that runs on batteries and must provide something approaching real-time performance.

      It's more likely that the issue was that the US Government of the day (remember, we are talking mid 80s) would have thrown a total wobbly at the use of DES in technology being installed the world over. Crypto is an area where the effective regulatory landscape has changed rather a lot over the past 25 years.

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
  4. Re:Irony by Cidolfas · · Score: 5, Insightful

    If he can do it, so can the bad guys.

    And the bad guys aren't going to publish the how-to at a conference.

    --
    I am become /dev/null, destroyer of data.
  5. People wo vote this troll just don't understand by SlothDead · · Score: 4, Funny

    Ubj vf guvf n gebyy cbfgvat?
    Fubhyq unir orra "-1 snvyrq gb or vagrerfgvat" ;-C

  6. This is the epitome of security through obscurity by selven · · Score: 4, Insightful

    worked independently to generate the necessary volume of random combinations until they reproduced the G.S.M. algorithm’s code book — a vast log of binary codes that could theoretically be used to decipher G.S.M. phone calls.

    Wait, so just having the encoding algorithm is enough to decipher a message? That's kindergarten cryptography, not something designed for the real world.

    The group said that hackers intent on illegal eavesdropping would need a radio receiver system and signal processing software to process raw radio data, much of which is copyrighted.

    Yes, that's right. Their main weapon in defending your privacy against crackers who don't care about the law at all is copyright.

    operators, by simply modifying the existing algorithm, could thwart any unintended surveillance.

    If that's not security through obscurity, I don't know what is.

  7. GSM Association by Pooch+Bushey · · Score: 5, Insightful

    "To do this while supposedly being concerned about privacy is beyond me"

    can someone point me to the article where the GSM Association was outraged when it learned of the illegal wiretapping program which the carriers happily participated in as agents of the u.s. government? i'm sure they protested that, right? riiight?

  8. Spin city. by ScrewMaster · · Score: 5, Insightful

    called Mr. Nohl's efforts illegal

    So? What has that to do with whether or not he actually did what he says he did? It's not even worth mentioning. A good encryption system should not depend upon the presumed illegality of breaking it.

    says Claire Cranton, a GSM spokeswoman, noting that no one else had broken the code since its adoption.

    That you know of, lady. If this guy really has cracked it, odds are someone else has sometime in the past two decades, but wasn't kind enough to so inform you.

    --
    The higher the technology, the sharper that two-edged sword.
  9. Re:This is the epitome of security through obscuri by ScrewMaster · · Score: 4, Insightful

    If that's not security through obscurity, I don't know what is.

    Technically, it's insecurity through stupidity.

    --
    The higher the technology, the sharper that two-edged sword.
  10. Is the newest version deployed everywhere? by AdamInParadise · · Score: 4, Informative

    The weaknesses of this algorithm are well-known and a new version that fixes those issues has been available for a long time. Now, does anyone knows whether this new version has been deployed everywhere? Who is still relying on the older version?

    BTW, the algorithm used by 3G networks is different. It is based on AES and the design is publically available.

    --
    Nobox: Only simple products.
    1. Re:Is the newest version deployed everywhere? by QuoteMstr · · Score: 5, Informative

      BTW, the algorithm used by 3G networks is different. It is based on AES and the design is publically available.

      No it's not. The cipher used for 3G service is KASUMI, which is already vulnerable to a better-than-brute-force attack. (Even if it weren't, a 64-bit block is too small.)

      When will people learn? Never roll your own damn cryptography. No matter how clever or paranoid you are, you're not clever and paranoid enough. Just use AES.

  11. Re:Irony by Anonymous Coward · · Score: 4, Insightful

    It has been known for a while that GSM can be hacked and that it can be done with a relatively trivial amount of readily available hardware. If you wanted to do it, you could do it. The current effort is mostly a public awareness thing and an ongoing optimization of the attack. People are not going to buy multiple software defined radio boards, tune them with an improved clock source, download or create terabytes of rainbow tables and put it all together just to listen in on their neighbors (which everybody knows would be illegal). People who go to these lengths with anything but research in mind do not need this kind of public "guide" to GSM cracking. GSM is not safe. It hasn't been for quite a while and now people know it. (Two more talks on GSM issues are on the Tuesday schedule. Apparently there are a lot of facepalm type of bugs which are undiscovered purely due to lack of attention.)

  12. What the hell is wrong here? by jonaskoelker · · Score: 4, Insightful

    'This is theoretically possible but practically unlikely,' says Claire Cranton, a GSM spokeswoman, [...] 'To do this while supposedly being concerned about privacy is beyond me.'

    What? Come again?

    If Ms. Cranton doesn't even know the argument for full disclosure, why is she the person speaking on behalf of the GSM Association?

    Now, we can discuss among ourselves when full disclosure is better than limited disclosure and vice versa, but at least we understand both positions. She doesn't?

    Also, if the attack is practically unlikely, why the big concern about privacy? Didn't Ms. Cranton just say this wasn't a big problem, yet at the same time shame Nohl for causing a big problem?

    Simon Bransfield-Garth, the chief executive of Cellcrypt, says Nohl's efforts combined with inadequate security designed into the damn thing could put sophisticated mobile interception technology [in the hands of outlaws].

    Fixed that for Mr. Bransfield-Garth. The system isn't weak because of Nohl's deeds or misdeeds. It's weak because it's poorly designed. I have seen telecoms security protocols. Only banks have protocols worse than these :(

  13. GSM Talk Video by marcansoft · · Score: 4, Informative

    The NY Times article is missing quite a lot detail. Slashdot users might appreciate the raw video from the talk (torrent): part 1, 2, 3.

  14. Why it's unsolvable by jonaskoelker · · Score: 4, Interesting

    They're there to allow companies to use inadequate security measures without public shame.

    And the politics is really the problem.

    Let's classify the world into four types of people: politicians, security experts, telecommunications lobbyists and the regular citizens.

    The politicians want to stay in office. The security experts want good security. The telecommunications lobbyists want cheap security. The regular citizens don't know there's a security concern (except from what they hear from Hollywood).

    The politicians can stay in office if they can afford a good campaign. The telecommunication lobbyists want to make a deal. The security experts are few, unconnected and don't have much money in comparison. The uneducated masses aren't going to change their voting based on GSM security even if they knew about it and understood the issues.

    And so you will have the politicians portraying the security experts as evil people (which the media will dutifully transmit to the public), all while the telecommunications people get to use cheap and poor security.

    (replace telecommunications with banking if you want to get really bummed out...)

    Or am I wrong? Please, someone tell me I'm wrong.

    1. Re:Why it's unsolvable by dgatwood · · Score: 4, Interesting

      Or am I wrong? Please, someone tell me I'm wrong.

      You're wrong. Well, you're right up to a point, but you forgot one thing. Those security people are pissed because this has been buried by those dirty politicians and telecom lobbyists. They have an axe to grind, and now several thousand of them just got the keys to GSM.

      Crooked politicians should be scared out of their minds by this. I'd give it six months before we start to see tapped GSM phone calls showing up on YouTube, resulting in high-profile congress critters resigning in disgrace. Six months max. Maybe much sooner.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  15. On the definition of "obscurity" by jonaskoelker · · Score: 5, Interesting

    encryption is nothing more than security through calculated obscurity.

    I think you can only prosecute an argument for that claim successfully if you engage in semantic shifting.

    That is to say, you're right only if you take the word `obscurity' to mean something different from what everybody else takes it to mean.

    Security by obscurity generally means you're relying on the adversary to be ill-informed about some aspect of the crypto which wouldn't be a problem for him to know about in a "real" cryptosystem, and/or extremely limited in computational power.

    For instance, the windows 95 screen saver password (at most 14 characters) was stored in the registry, xor'ed with a fixed key of length 14. Probably a const char screen_saver_xor_pad[14] = [...], "safely" hidden away in some undisclosed source code. Security by obscurity.

    This is also how DRM works: encrypt a bit string f with key k, then send k and e_k(f) to the recipient, but sneakily, hoping that the recipient will only decrypt and use f in accordance with the rules your piece of software implements. Security by obscurity.

    Take on the other hand AES. Go do an exhaustive key search. If you're smart, do a meet-in-the-middle. That's sqrt(2^n), which is still exponential (it's sqrt(2)^n). Okay, n is fixed, but still: the best attack is (essentially) brute force. That's real security.

    Then there's of course the gold-plated but impractical security (well, encryption): whenever you want to send a message m that's b bits long, come up with a uniformly random b-bit key k, then transmit m XOR k. Perfectly secure, but good luck sending k to the recipient. You can pre-share it, though, so if you put 4 TB of random key in your submarine, it can send 4 TB back to HQ confidentially. Or you can do quantum key distribution (if you have the required equipment).

    I recommend that while your post has a valid point, you try to refrain from commenting on the more technical aspects of security.

    I recommend you try to refrain from assessing peoples' understanding of the technical aspects of security and making recommendations based upon that assessment. I haven't seen anything in your parent's post which suggests they don't understand the subject matter, unless we take your semantic shift to be The Right Way to understand "obscurity."

  16. Re:Irony by Anonymous Coward · · Score: 5, Insightful

    Since its been going on for 21years u might figure out if HE DOESNT PUBLISH, MOST BAD GUYS WILL DO IT FOREVER.

    Security through obscurity vs full disclosure.
    Full disclosure always win for the customer, regular citizens and the greater good.

    Obscurity always wins for the bad guys, companies who make money and governments.

    ITS AS SIMPLE AS THAT

  17. Don't panic. Copyright to the rescue! by Anonymous Coward · · Score: 5, Funny

    From TFA:

    "The group said that hackers intent on illegal eavesdropping would need a radio receiver system and signal processing software to process raw radio data, much of which is copyrighted."

    I feel much easier knowing that the G.S.M. Association will be wielding its copyright to ensure my security. Who needs security when we have copyright?! Security via copyright assertion has worked so well for the film and music industries. Hasn't it?

  18. Re:Irony by plover · · Score: 4, Insightful

    Obscurity has a unfairly bad rap.

    There are two different meanings of obscurity in use in computing these days: one is a standard based on a secret that can be theoretically reverse-engineered; and the other is the non-standard implementation of a standard.

    The first, which is what GSM was, is really a "secret algorithm" approach. People call it "obscure" because it could be reverse engineered, but it really was based on keeping a secret from the people who all shared it. It violated Kerckhoff's principle which means it could be exposed, and now it has been. But it took 3.5 billion people 22 years to figure it out, which means that it was a pretty effective secret. That sounds a lot more effective than just plain "obscurity."

    Useful obscurity is all about misdirection. It's an opaque curtain, or a mirror, or a fog; it's not an armored wall. Simply configuring your web server to report its identity as IIS when it's really running Apache won't confuse the humans viewing your pages, but it could make an automated attack fail that's based on attacking Apache servers. Changing default port numbers, or default security settings, or reported version numbers, or really shifting anything from the default to a place where it won't be expected by an automated attack is highly effective at keeping the port scanners and script kiddies at bay.

    Consider the attack vectors on the internet. Bots and automated scanners make up the vast majority of threats out there. You can't swing a null modem without hitting some zombie that's probing your web server looking for default PHP weaknesses. Obscurity lets you dodge these clumsy attacks for free, and lets you focus your resources on other measures to more effectively improve your security -- IDPs, monitors, etc.

    When used properly, obscurity is a wonderful tool that can make your life much easier. It doesn't provide security by itself, but adds another layer that does make you "more secure" overall by removing you from the first waves of automated attacks, giving you time to patch your systems.

    --
    John
  19. Re:Irony by akpoff · · Score: 5, Insightful

    But it took 3.5 billion people 22 years to figure it out, which means that it was a pretty effective secret. That sounds a lot more effective than just plain "obscurity."

    No. In 22 years only one person in 3.5 billion cracked GSM encryption and published his findings. According to the article others have cracked the encryption but haven't published.

    What we now know is that it's crackable based purely on data analysis. That tells us everything worth knowing about GSM encryption. Anyone with a need for secure communications now has to treat GSM encryption as if it has been cracked by everyone they want to secure the communications against. To do otherwise would be about the only thing worse than security through obscurity.

  20. kinda not news by Eil · · Score: 4, Interesting

    (Note: I have RTFA, but I'm quoting mainly from the summary here.)

    Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret.

    Feh. Steve Gibson explained the flaws in GSM in very precise, technical detail in his podcast with Leo LaPorte back in September. See episode 213 of Security Now, "Cracking GSM Cellphones". He explained how the algorithm was implemented in hardware, right down to the hardware level.

    The GSM Association, the industry group based in London that devised the algorithm and represents wireless operators, called Mr. Nohl's efforts illegal

    Oh yes, they'd like us to believe that reverse engineering encryption is illegal. It is not. Eavesdropping on cell phone calls is illegal only because cell phone carriers have always used technology decades behind the state of the art. It's a crappy regulatory patch to a massive technical loophole. It's akin to a law forbidding wifi cards from supporting "monitor mode" because you can use it to eavesdrop on unencrypted wifi traffic. Karsten Nohl is not recommending that anyone eavesdrop on other people's phone calls. He's trying to show the public that their conversations are as good as "in the clear" and gosh darn it, the billion-dollar wireless industry just doesn't like that a bit.

    Simon Bransfield-Garth, the chief executive of Cellcrypt, says Nohl's efforts could put sophisticated mobile interception technology -- limited to governments and intelligence agencies -- within the reach of any reasonable well-funded criminal organization.

    Nope, even better: it puts GSM decryption technology within the reach of anyone with a 2TB hard disk, $1000 of radio equipment, and the time to figure out some software. And, as I pointed out already, this has been known for some time. Until recently, the weaknesses of GSM has been the skeleton in the closet of the wireless industry. It should have seen the light of day years ago.

    This is not an easy problem for them to solve, either. A5/3 is much better encryption, but as I understand it, almost every handset in existence can be forced to fall back to A5/1 (or even A5/0, no encryption) relatively easily.