Encryption of mobile communications networks, intentionally compromised to facilitate interception.

According to a recently published report, the early years of mobile data networks were the “paradise” of intelligence agencies, which could intercept almost any communication at will.

It is about the 2G communications standard, used between 1990 and 2000 to facilitate internet access from mobile devices. Apparently, the two encryption technologies used at the time included intentionally infiltrated vulnerabilities, making it easier to access backdoor to decrypt Internet traffic. According to the same report, by the end of that period, the vulnerability was already known to groups of hackers, who allegedly actively exploited it to intercept Internet traffic.

While the encryption technologies used at the time would not have been at the highest level of security anyway, especially if we refer to current standards, mathematically the probability that the alleged vulnerabilities have accidentally crept into the algorithms The encryption you use is close to zero.

The suspicions are confirmed and researchers from several universities in Europe, their conclusions being that the GEA-1 algorithm used for mobile data communications since the introduction of the GPRS standard for 2G networks was designed from the beginning to include a backdoor gate. Both GEA-1 and the next version of GEA-2 are patented encryption technologies, the technical details behind which are not known to the general public.

Named “divide-and-conquer”, the “fairly simple” attack allows a person capable of intercepting data traffic initiated on the mobile phone on the route to recover the cryptographic key used to protect the connection, decrypting the entire data stream. The weak point of GEA-1, the oldest algorithm developed in 1998, is that it offers only 40-bit security. But in reality, the random generation of the cipher for encrypting the connection is even weaker than the use of the 40-bit key would suggest, the way it is generated by introducing a vulnerability that facilitates its “guessing”.

While the next version, GEA-2 did not contain the same vulnerability, the security provided remained at an insufficient level, facilitating decryption.

The only good news is that the GEA-1 and GEA-2 standards are no longer used on a scale, as 3G and 4G networks are based on much higher encryption technologies. However, these vulnerabilities remain theoretically active and potentially exploitable, since 2G / GPRS networks are still accessed by mobile devices when 5G / 4G or 3G coverage is not available.

Source: Go4IT by www.go4it.ro.

*The article has been translated based on the content of Go4IT by www.go4it.ro. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!