A research team has discovered a security gap in modern mobile phones that is very unlikely to have been created by accident. In fact, it should have been removed back in 2013.
  • @DonutVeteran@lemmy.ml
    73 years ago

    The IT security experts received the GEA-1 and GEA-2 algorithms from a source who wishes to remain anonymous and verified their authenticity in the first step. The ciphers had been used to encrypt data traffic over the 2G network, for example when sending emails or visiting websites. The researchers analysed how exactly the algorithms work. They showed that GEA-1 generates encryption keys that are subdivided into three parts, two of which are almost identical. Due to their architecture, these keys are relatively easy to guess.

    . . .

    The encryptions that GEA-1 and GEA-2 produce are so weak that they could be used to decrypt and read live encrypted data sent over 2G. Today, most data traffic is sent over the 4G network, also called LTE. Moreover, the data is now protected with additional transport encryption. Therefore, the researchers assume that the old vulnerabilities that still exist no longer pose a serious threat to users.