By David Ponce

Without getting philosophical, let me just say this: eavesdropping is bad, m’kay? And while large corporations may see things differently (think ATT), it’s nice to see smaller outfits doing something to help you keep your private conversations, well, private.

Swiss company Vectrotel makes and markets the Vectrotel X8, a GSM cell phone that encrypts your conversations with an unbreakable cypher. Here’s how it works. First off, you need two phones. When you place a secure call (you can also place regular calls), they perform a 1024-bit Diffie-Hellman shared secret exchange, to generate a secret 128-bit key. This process takes between 10 to 30 seconds. Only the two phones share this unique key: it is generated before each call, and deleted after each call. Once the key is generated, conversation is subsequently encrypted and your call is secure.

If you had 1000 computers and each tried 1?000?000?000 keys per second you still would need 1019 years to decrypt the message.

There is a small delay in transmission and your voice will sound a little metallic… but at least you can be assured that only you and whoever you’re talking to will be aware of this.

Additional security and integrity is ensured by a calculated HASH checksum that is indicated on the display.

To protect you from misuse by a third party we secured the crypto functions by a user-determined PIN code

What’s even more interesting is that they have made the phone inconspicuous. The triband unit looks (and also works) like a regular cell phone, and even boasts some decent specs: IR, Bluetooth and USB connections, 1.3MP camera, 240 X 320 QVGA screen, 5 hours regular and 4 hours encrypted talktime.

There’s no word on price, although something this proprietary and unique can’t be cheap.

[VectroTel X8] VIA [Xataka]


  1. Unbreakable my a**e.

    Diffie-Hellmann key exchange is vulnerable to “Man-in-the-Middle” attacks. Unless you performed the initial key exchange through some secure channel {say, InfraRed} then you can’t be sure someone isn’t pretending to you to be the person you called, and to the person you called to be you.

    Also, without access to the source code, you can never, ever be sure that an encryption system is even half secure.

  2. The “initial key exchange” is performed before any communications are attempted (at setup time). The article specifically mentions “shared secret”. By definition, this excludes a MitM type attack, unless the MitM is also in the circle of *allowed* communicators

  3. Isn’t the Man-in-the-Middle attach mitigated by the hash on the display. When your friend on the other ends reads out the wrong hash you know something’s wrong.

  4. AJS,
    you read out the HASH checksum that is indicated on the display to teh person on the other end and if it matches then there is no man in the middle.

  5. Vectrotel X8 Secure Mobile Phone…

    The feds aren’t going to like it when you hook up your Vectrotel X8, a normal-looking GSM cellphone that has some serious 128-bit encryption inside. It has the usual features of a run-of-the-mill handset, such as a Bluetooth and USB……

  6. Great idea really but the problem is that the key generation takes place before each call which means that it has to be transmitted. Someone watching the air waves could grab the keys as they fly by.

  7. Keys are never sent in clear. That’s the purpose of the Diffie-Hellman algorithm. Key agreement. Both phones end up with the same shared secret after the algorithm is done. So, they can both use this shared secret for encryption of the voice channel. However, MitM is a concern with Diffie-Hellman. So, to protect against this, both phone compute a hash over the shared key and display this hash on the phone screen. When the phone call begins, one of the user must read the hash to the other user and they must make sure it matches. If not, there is a MitM and they will then drop the call. ZRTP is an extension to SRTP that use the same mechanism.

    Best Regards,
    Guylain Lavoie, M5T Inc.

  8. Verschl?sselte Telefonate mit Handy von VectroTel… berichtet ?ber ein Handy, dass verschl?sselte Telefonate erm?glicht. Das GSM Telefon des Schweizer Herstellers VectroTel kann vor einem Telefonat? eine mit 128 Bit verschl?sselte Verbindung aufbauen. Das Herstellen der verschl?sselten…

  9. Regardless of whether this particular system is secure (DH, 1024 bit RSA, 128 bit symmetric, closed source code) the fact that there is a phone that does this at all is a step in the right direction. Ideally it would not use DH, have a 256-bit AES key, 4096-bit RSA key, have open source encyrption routines with flashable firmware, and not make peoples voices sound like robots. But this is a good start that could LEAD to a phone like that.

  10. This reminds me a lot of CryptoPhone who did actually publish their crypto source. Users were encouraged to compile the source and verify that the results of the compilation were byte for byte identical with the contents of the firmware.

    Also… Tanner/Lane-Smith/Lareau have some things to say about encrypting voice over the data channel in their DefCon presentation from last year [PDF].

    My personal experience is that latencies in excess of 350 msec are typical over EDGE, so… get ready to pretend you’re GI-Joe by ending every sentence with “Over.”

    Just remember… The DoD is moving away from DH over a finite field in favor of EQMV and ECDH (more info at

    Finally… When using DH, both parties need to be using the same values for the generator and the modulus. There was some concern in the 90’s about insecure values for g and p; if an attacker could force you to use an insecure generator, he might be able to recover the agree’d key by listening in to the key establishment conversation. I seem to recall that Vaudenay published a similar attack for DSA.

    In any event, the moral of the story is. Yawn. Another phone that encrypts voice over a high-latency GSM data channel. I’m not the worlds biggest fan of X.509, but it would be awefully cool if you could exchange self signed certs via IR or SMS, then make a non-encrypted call, verify the cert fingerprints, assign “trust” to the local copy of the cert and use this trusted cert as part of the authentication phase before key agreement.

    DTLS (SSL for lossy, UDP style connections) was recently published. This might be a good option for people wanting to do this in the future. That way you could just do SIP/RTP over GSM (or WiFi) with DTLS configured to do ephemeral keying.

    Just a though.

  11. Vectrotel X8 the most secure cell phone…

    Paranoid that someone might be snooping your conversation on the cell-phone. Well, then you might be interested in Vectrotel X8. It is made by Swiss company Vectrotel the X8 is a GSM cell phone that encrypts your conversations with an……

  12. The new version of x8 have the same source code like the S3
    The company vecprom says, that the S3 is saver then the new. Its logical, because their is no way to secure pictures or sms, it cost to much capacity. To secure not only voice, you can get vecprom dms. This is the network solution.

  13. The device is one point; the network is the other thing. Only the combination with the modem, the x8 makes sense, when you will secure not only the voice. This is hugde expensive! The Vecprom DMS which is compatibliy to the Vectrotel cost around 7K Euro. Then you need more then 2000 computers on the edge and more the 2500 in the core and you have a 25percent chance to decrypt in 2 years. The luxery vecprom version costs around 22K Euro and you have no way to decrypt because the modem change the channel all 35 seconds.

  14. The complete VECPROM Solution makes a real sense. But this solution cost around 13K$. But without a officiliy legitimation, you cant buy nothing form VECPROM

  15. The x8 is only a part in the whole VECPROM roll out of Radio Encryptors, Facsimile Encryptors, Secure Terminals and Key Management and Station Center. In the Terminal-Management is the source-code………Have fun and secrets…

  16. Only the whole programm from the edge to the core make sense. To protec the core you need the gouvernmental protection. Obviously have Vecprom this high level protection!!! Its not possible without this “roof” to act in the core because of the key-sources. To create the keys its a must to cooperate!

  17. VECPROM is in the line by the telecos; how can this works without protection? The x8 is coming from Sagem; Sagem is protected also. What is the result? What they will see and know, they knew and see…

  18. I mean that their are 3 open doors. The sms. Then the pictures and of course last not least the network-link. When you write SMS or you send pictures, the door is wide open because you can not use the second channel. Sagem knows this and Vecprom also. In this moment when you connect your smart phone with the net, in this step you need the VECPROM DMS. Without the decryption module you are open. The question is, where is the secure source in this moment when you open the network link? The answer is simple: By VECPROM and so in the same step by the gouvernment.

  19. im keen to buy 50 sets of the cell phone encrypter.How do i now the government wount be listening in on the same? Does the person im calling need a similar phone or not for the communication to be secure?

  20. We need 20 unit of Vectrotel X8 in India.Please adviced us the full product details. Terms and condition and price including shipment charges