GPRS-era mobile data encryption algorithm GEA/1 was 'weak by design', still lingers in today's phones
2021-06-17 01:44

The GEA/1 encryption algorithm used by GPRS phones in the 1990s was seemingly designed to be weaker than it appears, in order to allow eavesdropping, according to European researchers.

A paper just out by academics at Germany's Ruhr-Universität Bochum, with help from Norwegian and French experts, has found that GEA/1 only really offered 40-bit encryption, by design, and that the way encryption keys were subdivided made the system relatively easy to break if you knew how at the time.

In the late 1990s strong encryption still had an uncertain legal status, and many countries had prohibitions on the export of such technology.

Crucially, the researchers found that GEA/1 is still hanging around as a backup algorithm in some recent Google Android and Apple iOS handsets, such as the iPhone XR and Huawei P9 lite, even though the specifications have banned it.

A rogue phone mast can downgrade a nearby handset's data traffic encryption to GEA/1 if the phone still supports it, leaving traffic that can be cracked and inspected, or perhaps even to GEA/0, which has no encryption at all.

" creates 'downgrade attacks' where phones support both algorithms, but a clever attacker can force your phone to use the weak algorithm and then break the encryption," Prof Green explained.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/17/gprs_encryption_backdoor/