In a paper published on Wednesday, Cybersecurity researchers in Europe said that they have discovered a security flaw in an encryption algorithm used by 2G phones. This security flaw may have allowed attackers to eavesdrop on some data traffic for more than 20 years.
Security Flaw Found in 2G After Two Decades
The researchers said in a paper published on Wednesday that the security flaw affects the GPRS, or 2G data standard. Notably, these researchers hailed from Germany, France and Norway. Nowadays, most countries use 4G mobile standard, with 5G rolling our rapidly around the world. However, GPRS still remains a the primary data connection standard in some countries.
Rather ominously, the researchers have claimed that the vulnerability in the GEA-1 algorithm is not the result of an accident. According to them, whoever created it, did it intentionally to provide law enforcement agencies with a "backdoor". This vulnerability would still allow law enforcement agencies to comply with laws restricting the export of strong encryption tools.
Christof Beierle of the Ruhr University Bochum in Germany, a co-author of the paper, said, "according to our experimental analysis, having six correct numbers in the German lottery twice in a row is about as likely as having these properties of the key occur by chance".
The GEA-1 algorithm was meant to be phased out from phones as early as 2013. However, the researchers said that they also found it in current Android and iOS smartphones. The researchers have notified phonemakers and standards organizations to fix the said flaw.
The implications of this claim are very far reaching - law enforcement agencies could have been eavesdropping on unsuspecting citizens without their knowledge, much less their consent. The fallout of such a discovery will surely be massive.