Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Jump to content
Sign up to our newsletters
Independent
More
Best
Climate
TV

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in

Security flaw found in 2G mobile data encryption standard

Cybersecurity researchers in Europe say they've discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades

Via AP news wire
Wednesday 16 June 2021 09:38 EDT
Germany Cellphone Security
Germany Cellphone Security (Copyright 2021 The Associated Press. All rights reserved.)

Your support helps us to tell the story

Support Now

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.

In a paper published Wednesday, researchers from Germany France and Norway said the flaw affects the GPRS - or 2G - mobile data standard.

While most phones now use 4G or even 5G standards, GPRS remains a fallback for data connections in some countries.

The vulnerability in the GEA-1 algorithm is unlikely to have been an accident, the researchers said. Instead, it was probably created intentionally to provide law enforcement agencies with a “backdoor” and comply with laws restricting the export of strong encryption tools.

“According to our experimental analysis, having six correct numbers in the German lottery twice in a row is about as likely as having these properties of the key occur by chance,” Christof Beierle of the Ruhr University Bochum in Germany, a co-author of the paper, said.

The GEA-1 algorithm was meant to be phased out from cellphones as early as 2013, but the researchers said they found it in current Android and iOS smartphones.

Cellphone manufacturers and standards organizations have been notified to fix the flaw, they said.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in