While 2G/3G/4G/5G networks have their own encryption protocols, this video claims that the decision to implement it is completely optional, so there is a chance that user data is sent in cleartext. Is this true? If that is the case, how do I know if my calls and SMS that I've made using the cellular network are encrypted or not?
3 Answers
Some generations have better encryption between the cell phone and your home operator and some between the phone and the base station. You would need to be able to disable the other generations to be sure your choice is used.
Even then, you cannot tell for sure how your contact is using the mobile network nor how the SMS or call is handled between your operators. As there is never end-to-end encryption, you should assume it is not encrypted, and use a more secure channel for sensitive information.
how do I know if my calls and SMS that I've made using the cellular network are encrypted or not?
By not relying on the transport/vendor for security, and using an application that provides the security that you require.
Phones and mobile computing in general are an environment where users are second-class citizens and security is apparently not a priority.
For example, Apple has a message application with "features" that enable compromise and takeover, some of which don't require interaction. Money and resources probably aren't the reason that occurred, and the reason probably isn't important. But you can use different applications that do provide the level of security and assurance that you require.
All modern cellular networks, and even not-so-modern ones, use transport layer encryption. This is not end-to-end encrypted and can be decrypted by telecommunications services. Additionally, specialized hardware can intercept and decrypt even modern cellular protocols. Older protocols such as 2G use encryption algorithms so weak that they can even be broken passively.
There is a replacement for SMS and MMS called RCS (Rich Communication Services). The recent Universal Profile 3.0 makes end-to-end encryption default for one-on-one messages containing text, audio messages, or files (everything except for typing indicators):
R5-43-1
RCS clients shall enable E2EE by default unless expressly prohibited by local regulations.
As long as both parties have RCS E2EE enabled by default, the communication will be end-to-end encrypted. If E2EE is prohibited, it is required that the user be notified:
R5-43-1-3
If E2EE is disabled, the user shall be informed that E2EE is not available in their market of operation.
If your phone supports RCS, it is required to indicate to you whether or not the message will be sent with RCS (potentially end-to-end encrypted) or SMS (not end-to-end encrypted):
R5-2-5-2
Before sending a message, the client shall indicate to the user whether a message will be sent as SMS or 1-to-1 Chat.
But if you're truly using SMS and not RCS, then it is not end-to-end encrypted and only uses transport layer encryption. For very old 2G GSM networks, it is possible for encryption to be set to A5/0, which indicates no encryption (although A5/1, the encrypted variant, is quite easy to break anyway). There is no way to determine this without expensive monitoring equipment if your phone does not indicate it.
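The A5/0 versus A5/1 choice mentioned in the last answer is signalled to the phone in the GSM RR Ciphering Mode Command. The decoder below is an added example, not part of any answer on this page. It assumes the raw layer-3 bytes of that message are already available (for instance from a baseband diagnostic log), uses the bit layout from 3GPP TS 44.018, and its function name and sample bytes are constructed for illustration.

```python
# Added example: read the Cipher Mode Setting out of a GSM RR
# Ciphering Mode Command (bit layout per 3GPP TS 44.018).
RR_PD = 0x06                    # protocol discriminator: Radio Resources
MSG_CIPHERING_MODE_CMD = 0x35   # RR message type

# Algorithms treated as weak here: A5/1 is called easy to break on this
# page; A5/2 was deliberately weakened and later withdrawn by 3GPP.
WEAK = {"A5/1", "A5/2"}


def decode_cipher_mode(l3: bytes) -> dict:
    """Decode a layer-3 Ciphering Mode Command (hypothetical helper)."""
    if len(l3) < 3:
        raise ValueError("message too short")
    if (l3[0] & 0x0F) != RR_PD or l3[1] != MSG_CIPHERING_MODE_CMD:
        raise ValueError("not an RR Ciphering Mode Command")

    setting = l3[2] & 0x0F          # low nibble: Cipher Mode Setting
    start = bool(setting & 0x01)    # SC bit: 1 = start ciphering
    alg_id = (setting >> 1) & 0x07  # algorithm identifier, valid if SC = 1

    if not start:
        name = "A5/0"               # no ciphering on the radio link
    elif alg_id == 7:
        name = "reserved"
    else:
        name = f"A5/{alg_id + 1}"   # 0 -> A5/1, 1 -> A5/2, 2 -> A5/3, ...

    if name == "A5/0":
        rating = "none"
    elif name in WEAK:
        rating = "weak"
    else:
        rating = "other"
    return {"algorithm": name, "ciphered": start, "rating": rating}


if __name__ == "__main__":
    # Constructed sample messages, not taken from a real capture.
    for sample in ("063500", "063501", "063505"):
        print(sample, decode_cipher_mode(bytes.fromhex(sample)))
```

Whatever this reports covers only the radio link between the phone and the base station. It says nothing about end-to-end protection.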