2G mobile network encryption deliberately reduced
Several researchers have found that the encryption algorithm used for GPRS data connectivity on 2G networks was deliberately weakened, opening the way to decryption of communications. ETSI, the body responsible for its development, points to the regulatory texts that imposed these restrictions at the time.
Researchers from several French, German and Norwegian universities have concluded that the GEA-1 and GEA-2 encryption algorithms used in the first mobile data networks of the 1990s and 2000s are weak, and that one of them was weakened by design. Their purpose was to secure the GPRS (General Packet Radio Service) standard, which is built on 2G technology. This network is still used for M2M systems and as a fallback for data, SMS and voice calls, and most current handsets remain compatible with GPRS.
The two algorithms are meant to secure the transfer of data between handsets and base stations and to prevent the interception of communications. In their work, however, the experts observed that GEA-1 does not provide the expected 64 bits of security but only 40. With the security level lowered that far, recovering the key by exhaustive search and reading the traffic becomes far more practical. For Matthew Green, a researcher at Johns Hopkins University who did not take part in the work, this is nothing less than a deliberately installed backdoor.
Export control highlighted
To support this theory, the specialists reverse engineered GEA-1 and GEA-2. When they tried to recreate the first one, they found that every algorithm they generated was stronger than the original. Ruling out chance, they believe the weakening was intended from the design stage. “Concretely, in a million tries, we never came close to the weakened instance,” the paper says. Matthew Green also recalls that at the time TLS was not used by most websites, so Internet users relied on these encryption schemes to protect their communications.
But where do these algorithms come from? They were developed in 1998 by a dedicated working group of ETSI (the European Telecommunications Standards Institute). Questioned on the issue by our colleagues at Motherboard, the European organization admitted that GEA-1 contains a weakness. In its defense, it explained that the weakness was introduced to comply with export regulations that did not allow stronger encryption. Among those texts are the French decrees 98-206 and 98-207 of March 23, 1998, which exempt from control the export of cryptographic products for which “the exhaustive search of all possible keys does not require more than 2^40 trials with a simple test”. Note that by the time GEA-2 was designed the rules had been relaxed, yet the researchers still managed to decrypt the traffic; they point out that the algorithm “does not provide full 64-bit security.” The researchers recommend relying on GEA-3 and later, more robust algorithms.
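To make the gap between the nominal 64-bit key and the 40-bit effective security concrete, and to check a design against the 2^40-trial threshold quoted from the 1998 decrees, here is a small added calculation. It is not code from the researchers or from ETSI; the 64-bit key length and the 40-bit effective strength of GEA-1 and the 2^40 export limit come from the text above, while the search rate of one billion keys per second is an assumed figure chosen only for illustration (GEA-2's exact effective strength is not given on the page, so it is left as a parameter).

```python
"""Brute-force work-factor comparison for a weakened cipher (added example)."""
import math

NOMINAL_KEY_BITS = 64        # GEA-1/GEA-2 key length named in the article
GEA1_EFFECTIVE_BITS = 40     # effective security of GEA-1 reported by the researchers
EXPORT_LIMIT_TRIALS = 2**40  # "not more than 2^40 trials" from decrees 98-206/98-207
ASSUMED_KEYS_PER_SECOND = 1e9  # constructed search rate, only for illustration


def worst_case_trials(effective_bits: int) -> int:
    """Trials needed to exhaust a key space of the given effective size."""
    return 2 ** effective_bits


def expected_trials(effective_bits: int) -> int:
    """On average the right key is found after half the key space."""
    return 2 ** (effective_bits - 1)


def search_seconds(effective_bits: int, keys_per_second: float) -> float:
    """Worst-case wall-clock time for an exhaustive search at a given rate."""
    return worst_case_trials(effective_bits) / keys_per_second


def export_exempt(effective_bits: int) -> bool:
    """True if exhaustive search stays within the decree's 2^40-trial limit,
    i.e. the design would have been exempt from export control in 1998."""
    return worst_case_trials(effective_bits) <= EXPORT_LIMIT_TRIALS


def weakening_factor(nominal_bits: int, effective_bits: int) -> int:
    """How many times smaller the search becomes: 2^(nominal - effective)."""
    return 2 ** (nominal_bits - effective_bits)


def human_duration(seconds: float) -> str:
    """Readable duration for the comparison table."""
    units = [("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3g} seconds"


def compare(effective_bits_list, keys_per_second=ASSUMED_KEYS_PER_SECOND):
    """Return one row per effective strength: trials, time, export-exempt flag."""
    rows = []
    for bits in effective_bits_list:
        rows.append({
            "effective_bits": bits,
            "worst_case_trials": worst_case_trials(bits),
            "seconds": search_seconds(bits, keys_per_second),
            "export_exempt_1998": export_exempt(bits),
        })
    return rows


if __name__ == "__main__":
    print(f"assumed rate: {ASSUMED_KEYS_PER_SECOND:.0e} keys/s")
    for row in compare([GEA1_EFFECTIVE_BITS, NOMINAL_KEY_BITS]):
        print(f"{row['effective_bits']:>3}-bit: 2^{int(math.log2(row['worst_case_trials']))} trials, "
              f"{human_duration(row['seconds'])}, "
              f"export-exempt in 1998: {row['export_exempt_1998']}")
    print(f"GEA-1 search is {weakening_factor(NOMINAL_KEY_BITS, GEA1_EFFECTIVE_BITS):,}x "
          f"smaller than a full 64-bit search")
```

At the assumed rate, the 40-bit search finishes in about eighteen minutes while the full 64-bit search would take centuries; the factor between them, 2^24, is exactly the margin that the design gave away, and the 40-bit instance sits precisely on the decree's exemption boundary.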