Today, every standard we rely on is supposed to be designed down to the last detail to rule out back doors or any other security hole. Or at least it should be, because back doors are unfortunately not unusual in this industry. Now researchers have shown that the mobile data networks we used for years were designed to be insecure from the start.
This was revealed by a study called "Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2", presented at Eurocrypt 2021. In it, the researchers argue that the GEA-1 algorithm used in GPRS networks shows enough evidence to conclude that these networks were designed to be breakable: they found an unusual structure in the cipher, not explained by any engineering need, that deliberately caps its level of security.
The GPRS standards are extensions of GSM (2G) that let mobile phones send data over the mobile network before 4G LTE arrived. To protect that data, the standard includes encryption, for which it uses the GEA-1 and GEA-2 algorithms.
GEA-1 encryption: far more insecure than it should be
In an era when most websites and services did not use TLS or HTTPS, the only protection available to users in the 2000s was whatever the mobile network itself applied. On paper, GEA-1 is keyed with 64 bits, and the combined contents of two of its three registers (64 bits in total) should be able to take 2^64 different values. In practice, because of the way those registers are loaded from the key, that combined state can take only 2^40 values. That is equivalent to 0.000006% of the number of states the design suggests, or 16.7 million (2^24) times fewer.
This collapse makes eavesdropping on GEA-1-protected data connections practical: an attacker only needs to capture 65 bits of keystream for which the plaintext is already known, and can then recover the key with roughly 2^40 work. Conveniently for the attacker, GPRS traffic contains a multitude of predictable packet headers and other fixed fields, so obtaining 65 bits of known plaintext together with its encrypted form, and hence the keystream, is easy.
GEA-2 is more secure, and it is time to think about GEA-3
That is not even the worst of it. Having found the weakness, the researchers tried to find out whether this design flaw could be an accident. To do so, they generated random parameters for the cipher's key-loading step and checked whether the same loss of entropy ever appeared by chance. After one million attempts they could not reproduce anything close to it, which implies that the designers were either extraordinarily unlucky or that GEA-1 was built to contain a weakness from the ground up. The authors point out that 40 bits of effective security matches the export regulations on cryptography that were in force when the algorithm was designed in the late 1990s. Another explanation sometimes offered is that the standard targeted devices with little processing power, but a stronger key-loading step would not have cost any noticeable performance, so that excuse does not hold up.
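To make the two findings above concrete, here is an added toy model written for this page; it is not code from the paper, from ETSI or from any GPRS implementation. It keeps the shape of GEA-1 (three registers loaded linearly from a secret, each filtered by a nonlinear function, the three outputs XORed into the keystream) but uses a 16-bit secret and 8-bit registers instead of 64 and 31/32/33 bits, and the feedback taps, filter function and loading matrices are invented. The rank of the stacked loading matrices tells you how many (A, C) pairs are actually reachable (the toy analogue of 2^40 out of 2^64); the meet-in-the-middle step shows why, once that is known, attacking the reachable pairs and the remaining register separately recovers the state from a short run of known keystream; and the last function repeats the authors' experiment of checking whether random loading matrices ever lose as much entropy by chance.

```python
"""Toy model of the structural weakness found in GEA-1 (constructed example; the
register sizes, feedback taps, filter and loading matrices are invented for
illustration and are not the real GEA-1 tables)."""
import random

N_SECRET = 16       # stand-in for GEA-1's 64-bit secret state
REG_BITS = 8        # every toy register is 8 bits (GEA-1: 31, 32 and 33)
KS_BITS = 32        # known keystream used by the attack (GEA-1: 65 bits)
REG_MASK = (1 << REG_BITS) - 1


def gf2_basis(rows):
    """Row-reduce GF(2) row bitmasks; returns an independent spanning subset."""
    rows = [r for r in rows if r]
    basis = []
    while rows:
        pivot = max(rows)                  # row with the highest leading bit
        lead = pivot.bit_length() - 1
        basis.append(pivot)
        rows = [r ^ pivot if (r >> lead) & 1 else r for r in rows if r != pivot]
        rows = [r for r in rows if r]
    return basis


def apply_map(rows, secret):
    """Linear loading: register bit i = parity(rows[i] & secret)."""
    return sum((bin(r & secret).count("1") & 1) << i for i, r in enumerate(rows))


def clock(reg):
    """One LFSR step with invented taps."""
    fb = ((reg >> 7) ^ (reg >> 5) ^ (reg >> 4) ^ (reg >> 3)) & 1
    return ((reg << 1) & REG_MASK) | fb


def filt(reg):
    """Nonlinear output filter on one register state (invented function)."""
    b = [(reg >> i) & 1 for i in range(REG_BITS)]
    return (b[0] & b[3]) ^ (b[5] & b[7]) ^ b[2] ^ (b[1] & b[4] & b[6])


def contribution(reg, nbits=KS_BITS):
    """The nbits keystream bits that one register contributes on its own."""
    out = 0
    for _ in range(nbits):
        out = (out << 1) | filt(reg)
        reg = clock(reg)
    return out


def keystream(secret, m_a, m_b, m_c, nbits=KS_BITS):
    """Generator output: XOR of the three filtered registers, as in GEA-1."""
    a, b, c = (apply_map(m, secret) for m in (m_a, m_b, m_c))
    return contribution(a, nbits) ^ contribution(b, nbits) ^ contribution(c, nbits)


def random_map(rng, mask=(1 << N_SECRET) - 1):
    """Random loading matrix; `mask` restricts which secret bits it may read."""
    return [rng.getrandbits(N_SECRET) & mask for _ in range(REG_BITS)]


def joint_rank(m_a, m_c):
    """Rank of the stacked map secret -> (A, C); reachable pairs = 2**rank."""
    return len(gf2_basis(m_a + m_c))


def joint_image(m_a, m_c):
    """Enumerate every reachable (A, C) pair from a basis of the image,
    costing 2**rank steps rather than trying all 2**N_SECRET secrets."""
    gens = [(apply_map(m_a, 1 << i) << REG_BITS) | apply_map(m_c, 1 << i)
            for i in range(N_SECRET)]
    image = {0}
    for g in gf2_basis(gens):
        image |= {x ^ g for x in image}
    return {(x >> REG_BITS, x & REG_MASK) for x in image}


def recover_state(ks, m_a, m_b, m_c):
    """Meet-in-the-middle: tabulate B's contributions (2**REG_BITS entries),
    then walk the reachable (A, C) pairs and look up what B must have added."""
    table = {}
    for b in range(1 << REG_BITS):
        table.setdefault(contribution(b), []).append(b)
    found = []
    for a, c in joint_image(m_a, m_c):
        for b in table.get(ks ^ contribution(a) ^ contribution(c), []):
            found.append((a, b, c))
    return found


def weak_instance(seed=1):
    """A and C read only the low 10 secret bits, so (A, C) takes at most 2**10
    values instead of the expected 2**16: the toy analogue of 2**40 vs 2**64."""
    rng = random.Random(seed)
    return random_map(rng, 0x3FF), random_map(rng), random_map(rng, 0x3FF)


def accidental_collapses(trials=1000, seed=2):
    """How often do *random* loading maps lose as much joint entropy?"""
    rng = random.Random(seed)
    m_a, _, m_c = weak_instance()
    weak = joint_rank(m_a, m_c)
    return sum(joint_rank(random_map(rng), random_map(rng)) <= weak
               for _ in range(trials))


if __name__ == "__main__":
    m_a, m_b, m_c = weak_instance()
    print("joint rank of weak (A,C) loading:", joint_rank(m_a, m_c), "of", N_SECRET)
    secret = random.Random(3).getrandbits(N_SECRET)
    ks = keystream(secret, m_a, m_b, m_c)
    print("candidate states from", KS_BITS, "known bits:", recover_state(ks, m_a, m_b, m_c))
    print("random instances at least as weak, out of 1000:", accidental_collapses())
```

Running the script prints the joint rank of the weak instance (at most 10 of 16), the register states recovered from 32 known keystream bits, and how many of 1000 random loading matrices were at least as weak (none). The point of the divide-and-conquer is that the work is the sum of the two halves, roughly 2^10 + 2^8 here, not their product; in GEA-1 the same split gives 2^40 for the reachable (A, C) pairs plus 2^32 for the third register, which is why 64 nominal key bits buy only about 40 bits of security. Recovering the key itself from the register states is then just inverting the linear loading.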
GEA-2 does not have this structural flaw, but the same paper still breaks it with about 2^45 work given roughly 1,600 bytes of known keystream, so it is only marginally better. Luckily, most connections made today no longer use GEA-1 or GEA-2, although a multitude of phones that still support them were launched as late as 2018, including the iPhone XR and the Galaxy S9. Since 2013, ETSI has prohibited implementing GEA-1 in mobile phones, while GEA-2 and GEA-0 (the option that applies no encryption at all) remain mandatory. The researchers therefore recommend moving to GEA-3 to prevent these attacks.