Researchers: 2G Connection Encryption Deliberately Weakened To Comply With Cryptowar Export Restrictions
from the endangering-phone-users-in-the-name-of-public-safety dept
Researchers have discovered a backdoor in 2G encryption, one that was deliberately created. As this report by Lorenzo Franceschi-Bicchierai for Motherboard points out, the researchers didn't necessarily know it was deliberate when they discovered it.
Researchers from several universities in Europe found that the encryption algorithm GEA-1, which was used in cellphones when the industry adopted GPRS standards in 2G networks, was intentionally designed to include a weakness that at least one cryptography expert sees as a backdoor. The researchers said they obtained two encryption algorithms, GEA-1 and GEA-2, which are proprietary and thus not public, "from a source." They then analyzed them and realized they were vulnerable to attacks that allowed for decryption of all traffic.
The researchers said in their research paper the backdoor appeared to be deliberate. They reverse-engineered the algorithm and tried to reproduce the weakness they'd discovered by choosing the generator's parameters at random. They were unable to do so. After observing this, they came to a pretty dead-on conclusion:
This implies that the weakness in GEA-1 is unlikely to occur by chance, indicating that the security level of 40 bits is due to export regulations.
This was confirmed shortly after the paper [PDF] was published.
A spokesperson for the organization that designed the GEA-1 algorithm, the European Telecommunications Standards Institute (ETSI), admitted that the algorithm contained a weakness, but said it was introduced because the export regulations at the time did not allow for stronger encryption.
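The experiment the researchers describe, and the "40 bits" figure, can be illustrated with a toy model. The following is an added example written for this article; it is not code from the paper, from ETSI, or from the real cipher. It assumes a stream cipher whose session key is loaded into its registers through a linear map over GF(2): if that map, restricted to two of the registers, has rank 40 instead of 64, those registers can jointly take only 2^40 initial values, so an attacker who can isolate them guesses 2^40 states rather than 2^64. The register widths (31 and 33 bits) are borrowed from the published description; everything else (the maps, the seeds, the toy 12-bit size) is constructed here. The code also repeats the "could this happen by accident?" check in miniature: randomly drawn maps of the same shape essentially never have such a low rank.

```python
"""
Toy model of a rank-deficient key-loading map. Constructed illustration:
no feedback polynomial, filter function or initialisation procedure of
the real GEA-1 cipher is reproduced here, only the linear-algebra point.
"""
import random

KEY_BITS = 64
REG_BITS = 31 + 33   # two registers whose joint initial state we examine


def gf2_rank(rows):
    """Rank over GF(2) of a matrix whose rows are integer bit-vectors."""
    rank = 0
    rows = [r for r in rows if r]
    while rows:
        pivot = rows.pop()
        low = pivot & -pivot  # pivot column: lowest set bit of the pivot row
        rank += 1
        # Clear the pivot column from every remaining row, then drop zero rows.
        rows = [r ^ pivot if r & low else r for r in rows]
        rows = [r for r in rows if r]
    return rank


def apply_map(rows, key):
    """Output bit i is the GF(2) inner product of row i with the key."""
    state = 0
    for i, row in enumerate(rows):
        if bin(row & key).count("1") & 1:
            state |= 1 << i
    return state


def random_init_map(rng, out_bits, key_bits):
    """What a designer gets by chance: independent random rows."""
    return [rng.getrandbits(key_bits) for _ in range(out_bits)]


def weakened_init_map(rng, out_bits, key_bits, rank):
    """Rows confined to a chosen rank-dimensional subspace of the key space.

    The first `rank` rows form a basis (row i has bit i set plus random
    high bits, so the rows are independent); the rest are random
    combinations of that basis, so the rank is exactly `rank`.
    """
    basis = [(1 << i) | (rng.getrandbits(key_bits - rank) << rank)
             for i in range(rank)]
    rows = list(basis)
    while len(rows) < out_bits:
        r = 0
        for b in basis:
            if rng.getrandbits(1):
                r ^= b
        rows.append(r)
    return rows


def effective_guess_bits(rows, key_bits):
    """log2 of the number of joint register states an attacker must try."""
    return min(key_bits, gf2_rank(rows))


def count_joint_states(rows, key_bits):
    """Enumerate every key (toy sizes only) and count distinct states."""
    return len({apply_map(rows, k) for k in range(1 << key_bits)})


def chance_of_rank_at_most(rng, trials, out_bits, key_bits, bound):
    """Fraction of random maps with rank <= bound: the accident test."""
    hits = sum(1 for _ in range(trials)
               if gf2_rank(random_init_map(rng, out_bits, key_bits)) <= bound)
    return hits / trials


def demo(seed=2021):
    """Run the whole illustration with a fixed seed and return the numbers."""
    rng = random.Random(seed)
    honest = random_init_map(rng, REG_BITS, KEY_BITS)
    weak = weakened_init_map(rng, REG_BITS, KEY_BITS, 40)
    tiny = weakened_init_map(rng, 12, 12, 7)   # 12-bit key, rank-7 map
    return {
        "random_map_bits": effective_guess_bits(honest, KEY_BITS),
        "weakened_map_bits": effective_guess_bits(weak, KEY_BITS),
        "tiny_states": count_joint_states(tiny, 12),      # 2**7 == 128
        "accident_rate": chance_of_rank_at_most(rng, 200, REG_BITS, KEY_BITS, 40),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The exhaustive count at the 12-bit toy size is the check worth keeping in mind: the number of reachable joint states is exactly 2 to the rank of the map, so the rank, not the nominal key length, is what bounds the attacker's work for that part of the cipher.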
This algorithm hasn't been in common use for years. The 2G standard has been abandoned in favor of 3G and 4G, eliminating this deliberately induced weakness. Export regulations no longer require deliberate weakening of encryption, so current standards are far more secure.
But even though 2G networks haven't been in common use since the early 2000s, this weakness (which still exists) still has relevance. One of the features of Stingray devices and other cell site simulators is the ability to force all connecting phones to utilize a 2G connection.
Handsets operating on 2G will readily accept communication from another device purporting to be a valid cell tower, like a stingray. So the stingray takes advantage of this feature by jamming the 3G and 4G signals, forcing the phone to use a 2G signal.
This means anyone using a cell site simulator can break the weakened encryption and intercept communications or force connecting devices to cough up precise location data. While law enforcement agencies (including the FBI) claim not to use any features that allow interception, the US is not the only customer for these devices. And there's been no confirmation that any US agency isn't using these to intercept communications they feel aren't protected by the Fourth Amendment, like conversations occurring in other countries (remember: the military had Stingrays first) or close to our nation's borders.
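From the defender's side, the pattern just described (a phone that had usable 3G/4G suddenly reattaching on 2G, to a cell it has never seen before) is something a handset or a monitoring app can watch for. The following is an added example, not code from Motherboard, the researchers, or any real detection product. It assumes a stream of radio events carrying the access technology, a cell identifier and a signal strength, which is a simplification of what modem diagnostics actually expose; the threshold, window and sample events are all constructed here.

```python
"""
Heuristic flagging of suspicious 2G downgrades over a constructed event
log. Assumed input: one event per (re)attachment, with the radio access
technology, the cell identifier and the received signal strength.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RadioEvent:
    t: int            # seconds since the start of the capture
    rat: str          # radio access technology: "LTE", "UMTS" or "GSM"
    cell_id: str      # cell identifier as reported by the modem
    signal_dbm: int   # received signal strength


# Assumed threshold: above this, the LTE/UMTS connection was usable, so a
# drop to GSM is not explained by simply walking out of coverage.
GOOD_SIGNAL_DBM = -95


def flag_downgrades(events, known_cells, window_s=60):
    """Return (time, cell_id, reasons) for each GSM attachment that both
    follows a usable LTE/UMTS connection within window_s seconds and lands
    on a cell not in known_cells. Either signal alone is common in normal
    operation; the combination is what the downgrade pattern looks like."""
    alerts = []
    last_good = None
    for ev in sorted(events, key=lambda e: e.t):
        if ev.rat in ("LTE", "UMTS"):
            if ev.signal_dbm >= GOOD_SIGNAL_DBM:
                last_good = ev
            continue
        if ev.rat != "GSM":
            continue
        reasons = []
        if last_good is not None and ev.t - last_good.t <= window_s:
            reasons.append(
                f"fell from usable {last_good.rat} to GSM in {ev.t - last_good.t}s")
        if ev.cell_id not in known_cells:
            reasons.append("GSM cell not previously observed")
        if len(reasons) == 2:
            alerts.append((ev.t, ev.cell_id, reasons))
    return alerts


# Constructed sample capture: one suspicious drop, one benign one.
SAMPLE_EVENTS = [
    RadioEvent(0, "LTE", "lte-1041", -82),
    RadioEvent(30, "LTE", "lte-1041", -84),
    RadioEvent(45, "GSM", "gsm-7", -70),       # fast drop onto an unseen cell
    RadioEvent(400, "LTE", "lte-1041", -83),
    RadioEvent(900, "LTE", "lte-1041", -118),  # genuinely weak coverage
    RadioEvent(930, "GSM", "gsm-3", -90),      # known cell, LTE was already weak
]
KNOWN_CELLS = {"lte-1041", "gsm-3"}


if __name__ == "__main__":
    for t, cell, reasons in flag_downgrades(SAMPLE_EVENTS, KNOWN_CELLS):
        print(f"t={t}s cell={cell}: " + "; ".join(reasons))
```

A heuristic like this produces false positives at coverage edges and in new locations, which is why both conditions are required before an alert is raised; the point it makes for this article is that the downgrade itself is observable on the handset even though the weakened 2G encryption is not.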
This revelation adds more info to the body of work dealing with the first cryptowar that began all the way back in the 1990s. Back then, the US government considered the export of strong encryption to be a criminal act. The NSA was one of the beneficiaries of this determination. This determination -- and the NSA's input -- resulted in the standardization of weakened encryption by RSA. Even after the US government abandoned its criminalization of strong encryption, state-sponsored hackers (including our own NSA) were often able to force sites and content delivery services to utilize "export grade" encryption rather than stronger options in order to intercept communications and content.
Fortunately, most of that is behind us now. Our communications are now protected by encryption that hasn't been deliberately weakened. But it's still out there. And it can still be exploited by attackers with the right tools.