Hello from the past: what is the danger of 2G vulnerability for modern smartphones
- 2021-10-21 11:30
A vulnerability was found in the encryption algorithm for 2G networks. At the same time, experts note that the defect was left on purpose, to conduct wiretapping in the future. Even though the second generation mobile network is no longer supported, the algorithm with the error is also present in modern phones based on Android and iOS.
The study, on which specialists from Germany, France, and Norway worked together, noted that the detected flaw could not have appeared in the algorithm by accident and was most likely created intentionally to give intelligence agencies a "backdoor" to access the network.
At the moment, most phones use 4G or 5G communication standards, however, it is worth remembering that GPRS is a backup for communication in some countries. Moreover, the GEA-1 encryption algorithm, in which the flaw was discovered, is still used in modern Android and iOS smartphones.
"Exploiting the discovered vulnerability could lead to a downgrade attack. In other words, an attacker could force the victim's phone to switch to GEA-1, that is, to use 40-bit encryption instead of 64-bit. And today, there are quite a few ways to break 40-bit encryption," the expert warned.
At the same time, according to him, it will be difficult for users to protect themselves from hacking, because they often cannot choose the GPRS encryption algorithm.
Switching to the A5/3 encryption algorithm may serve as a global protection option. However, the transition is quite expensive, especially since a large number of cell phones either do not implement A5/3 at all or implement it incorrectly, which causes malfunctions when the device works.