Security News > 2023 > August > New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks

Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks in their managed device fleet.

"The Android Security Model assumes that all networks are hostile to keep users safe from network packet injection, tampering, or eavesdropping on user traffic," Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle said.

"Android does not rely on link-layer encryption to address this threat model. Instead, Android establishes that all network traffic should be end-to-end encrypted."

2G networks, in particular, employ weak encryption and lack mutual authentication, rendering them susceptible to over-the-air interception and traffic decryption attacks by impersonating a real 2G tower.

To make matters worse, an adversary could launch a stealthy downgrade attack using advanced cell-site simulators that force the handsets to connect to a 2G network by taking advantage of the fact that all existing mobile devices still feature support for 2G bands.

Google, in an attempt to address some of these concerns, added an option to disable 2G at the modem level with Android 12 in early 2022.

News URL

https://thehackernews.com/2023/08/new-android-14-security-feature-it.html