Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Uncategorized

Security Flaw Found in 2G Mobile Data Encryption Standard

Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.

In a paper published Wednesday, researchers from Germany, France and Norway said the flaw affects the GPRS – or 2G – mobile data standard.

Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.

In a paper published Wednesday, researchers from Germany, France and Norway said the flaw affects the GPRS – or 2G – mobile data standard.

While most phones now use 4G or even 5G standards, GPRS remains a fallback for data connections in some countries.

The vulnerability in the GEA-1 algorithm is unlikely to have been an accident, the researchers said. Instead, it was probably created intentionally to provide law enforcement agencies with a “backdoor” and comply with laws restricting the export of strong encryption tools.

“According to our experimental analysis, having six correct numbers in the German lottery twice in a row is about as likely as having these properties of the key occur by chance,” Christof Beierle of the Ruhr University Bochum in Germany, a co-author of the paper, said.

The GEA-1 algorithm was meant to be phased out from cellphones as early as 2013, but the researchers said they found it in current Android and iOS smartphones.

Cellphone manufacturers and standards organizations have been notified to fix the flaw, they said.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights