Credit to Author: Pieter Arntz| Date: Thu, 13 Jan 2022 16:11:11 +0000
The Electronic Frontier Foundation (EFF) has happily informed people that Google has quietly pushed a new feature to its Android operating system allowing users to optionally disable 2G at the modem level in their phones.
This is beneficial because 2G uses weak encryption between the tower and device that can be cracked in real time by an attacker to intercept calls or text messages.
What is 2G?
Knowing that some countries are already preparing for 6G, you will understand that 2G, which is short for second generation, is an outdated communication standard. Another name for the 2G network that you may be familiar with is GSM (global system for mobile communications). 2G was set up in 1991 and in 2017 some providers started closing down their 2G networks. However, some carriers think that closing down 2G is not the best idea and continue their operations.
Why should I not use 2G?
You should avoid using 2G since it doesn’t use strong encryption and, over the years, many vulnerabilities have been found.
The encryption between the tower and the device is so weak that it can be cracked in real time by an attacker to intercept calls or text messages. In fact, the attacker can do this passively without ever transmitting a single packet.
Another major problem is that there is no authentication of the tower to the phone, which means that anyone can impersonate a real 2G tower, and a device using the 2G protocol will happily use it without questioning.
Cell-site simulators, also known as Stingrays or IMSI catchers, are devices that pretend to be legitimate cell-phone towers, tricking devices within a certain range into connecting to the simulator rather than a tower.
Cell-site simulators operate by conducting a general search of all cell phones within range, in violation of basic constitutional protections. Law enforcement use cell-site simulators to pinpoint the location of phones with greater accuracy than phone companies. Cell-site simulators can also log IMSI numbers (International Mobile Subscriber Identifiers are numbers which identify a mobile subscriber by their SIM card) of all of the mobile devices within a given area. Some cell-site simulators may have advanced features allowing law enforcement to intercept communications or even alter the content of communications.
3G, 4G, and 5G deployments fix the worst vulnerabilities in 2G that allow for cell-site simulators to eavesdrop on SMS text messages and phone calls. It’s not that they don’t have vulnerabilities, it’s just that they are a big step forward.
Who can disable 2G?
For now, only the newest Android models will have the option to disable 2G. These users can disable 2G right now by going to Settings > Network & Internet > SIMs > Allow 2G and turning that setting off. On older Android phones, these steps may or may not work. Unfortunately due to limitations of old hardware, Google was only able to implement this feature on newer phones.
The EFF urged Apple to support this feature as well, and has started a Twitter campaign to nudge Apple along. The EFF also strongly encouraged Google, Apple, and Samsung to invest more resources into radio security so they can better protect smartphone owners.
Completely abandoning 2G is not an option yet, since many people still rely on it as the main mobile technology, especially in rural areas. That’s why brand-new, top-of-the-line phones on the market today still support 2G technology. But they should at least offer those users that do not depend on it, the option to disable 2G. The first step has been made, so let’s keep things moving.
Stay safe, everyone!
The post Some Android users can disable 2G now and why that is a good thing appeared first on Malwarebytes Labs.