Encryption algorithms for 2G networks have been intentionally weakened

Encryption algorithms for 2G networks

A group of scientists from several European universities published a report on encryption algorithms for 2G networks, which many information security experts and the media have already called sensational.

The fact is that according to this study, two old encryption algorithms, created in the 1990s and 2000s, but still used in mobile networks, are vulnerable and allow users to monitor Internet traffic. First of all, the talk is about the GEA-1 algorithm, which was created and used many years ago, when the GPRS standards in 2G networks were adopted.

Worse, the researchers write that the likelihood that such vulnerability would occur accidentally is extremely low. That is, scientists suggested that the algorithm was deliberately weakened in order to provide law enforcement agencies with a “loophole” and comply with laws restricting the export of reliable encryption tools. After the publication of the document, the developers of the algorithm confirmed this theory.

According to our experimental analysis, guessing six winning numbers in the German lottery twice in a row is about as likely as accidentally getting these key properties.Christoph Beierle of the Ruhr University in Bochum, Germany, one of the report's authors, writes.

The researchers explain that two old encryption algorithms, GEA-1 and GEA-2, fell into their hands at once, which are proprietary, that is, usually not available to the general public and outsiders. After examining them, experts came to the conclusion that the algorithms are vulnerable to attacks that can decrypt all user traffic.

To reverse GEA-1, in fact, scientists had to create a similar encryption algorithm themselves, using a random number generator often used in cryptography. Even so, they were unable to create the same weak encryption scheme as in the original.

After a million tries, we don’t even come close to such a weak sample [as in the original]. This means that the weakness in GEA-1 was unlikely to be an accident, that is, the 40-bit security level was driven by export regulations. Because of these political demands, millions of users seem to have been poorly protected while surfing [the web] for many years.the document says.

The problem with GEA-1, developed back in 1998, is that it only provides 40-bit protection. According to the researchers, this allows an attacker who can intercept traffic, recreate the key, and decrypt all data.

The representative of the European Telecommunications Standards Institute (ETSI), which developed the GEA-1 algorithm, admitted in an interview with Vice Motherboard that the algorithm does have weaknesses, and this was done intentionally:

We followed the rules. We were adherent to the export control rules that limited the capabilities of GEA-1.

At the same time, the “descendant” of GEA-1 – GEA-2, no longer had such glaring problems. In fact, an ETSI spokesman explained that at the time of the creation of the GEA-2, export control rules had already been relaxed. However, the researchers were able to decrypt traffic protected by GEA-2 using a more sophisticated attack, and concluded that GEA-2 also “does not provide sufficient security for today’s standards.”

The only consolment is the fact that currently GEA-1 and GEA-2 are not very widespread, since new standards for 3G and 4G networks have long been adopted. In 2013, ETSI completely banned operators from using the GEA-1 algorithm, but the researchers write that, despite this, GEA-1 and GEA-2 are used to this day, because GPRS is still used as a backup communication option in many countries and networks.

In most countries, [the risk] is not very high and is significantly lower than in the early 2000s, as GEA-3 and GEA-4 are in use today. But the phones still support GEA-1. There are scenarios where a mobile phone can be tricked into using the GEA-1 even today.says co-author Howard Ruddum.

To prove these words, experts have tested several modern smartphones based on Android and iOS to see if they can support old and vulnerable algorithms. Alas, the experiment showed that GEA-1 and GEA-2 are still supported. It is also worth adding that many IoT devices also still use 2G modems and can also be vulnerable.

Encryption algorithms for 2G networks

As I reported, Scientist discovered a vulnerability in the universal Turing machine.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *