So what is the encryption in 3G/4G networks?

So should you use WhatsApp or your mobile phone network to make calls? Well, WhatsApp uses proper end-to-end encryption, but your 3G/4G network only supports encryption from phone to the base station, along with the possibility of it using a weak encryption cipher. With WhatsApp we have a proper key exchange using ECDH (Elliptic Curve Diffie-Hellman) and 126-bit/256-bit AES encryption, but what do we have on a 3G/4G network?

The advice of many industry experts would be that you should avoid using the mobile phone network if you want to make sure that your call cannot be tapped into. The major problem of the 3G/4G network is thus that the encryption is only applicable between the phone and the base station, and there is no encryption applied to the data when it reaches the wired network. To be fully secure, we must overlay our security with SSL/TLS, SSH, or a VPN tunnel.

A5/1 and A5/2

While we all concentrate on the core IP network, and which has relatively good protection in the transmission over the air, it is the GSM/3G network that could be at risk. The mobile phone network typically uses the A5/1 or A5/2 stream encryption method, but almost on its first day of operation it has been a target for crackers, and the source code to crack A5/2 was released within one month of being made public. While blocked…