A group of scientists from several European universities published a report on encryption algorithms for 2G networks, which many information security experts and the media have already called sensational.
The fact is that according to this study, two old encryption algorithms, created in the 1990s and 2000s, but still used in mobile networks, are vulnerable and allow users to monitor Internet traffic. First of all, the talk is about the GEA-1 algorithm, which was created and used many years ago, when the GPRS standards in 2G networks were adopted.
Worse, the researchers write that the likelihood that such vulnerability would occur accidentally is extremely low. That is, scientists suggested that the algorithm was deliberately weakened in order to provide law enforcement agencies with a “loophole” and comply with laws restricting the export of reliable encryption tools. After the publication of the document, the developers of the algorithm confirmed this theory.
The researchers explain that two old encryption algorithms, GEA-1 and GEA-2, fell into their hands at once, which are proprietary, that is, usually not available to the general public and outsiders. After examining them, experts came to the conclusion that the algorithms are vulnerable to attacks that can decrypt all user traffic.
To reverse GEA-1, in fact, scientists had to create a similar encryption algorithm themselves, using a random number generator often used in cryptography. Even so, they were unable to create the same weak encryption scheme as in the original.
The problem with GEA-1, developed back in 1998, is that it only provides 40-bit protection. According to the researchers, this allows an attacker who can intercept traffic, recreate the key, and decrypt all data.
The representative of the European Telecommunications Standards Institute (ETSI), which developed the GEA-1 algorithm, admitted in an interview with Vice Motherboard that the algorithm does have weaknesses, and this was done intentionally:
At the same time, the “descendant” of GEA-1 – GEA-2, no longer had such glaring problems. In fact, an ETSI spokesman explained that at the time of the creation of the GEA-2, export control rules had already been relaxed. However, the researchers were able to decrypt traffic protected by GEA-2 using a more sophisticated attack, and concluded that GEA-2 also “does not provide sufficient security for today’s standards.”
The only consolment is the fact that currently GEA-1 and GEA-2 are not very widespread, since new standards for 3G and 4G networks have long been adopted. In 2013, ETSI completely banned operators from using the GEA-1 algorithm, but the researchers write that, despite this, GEA-1 and GEA-2 are used to this day, because GPRS is still used as a backup communication option in many countries and networks.
To prove these words, experts have tested several modern smartphones based on Android and iOS to see if they can support old and vulnerable algorithms. Alas, the experiment showed that GEA-1 and GEA-2 are still supported. It is also worth adding that many IoT devices also still use 2G modems and can also be vulnerable.