"A Backdoor In Mobile Phone Encryption From the 90s Still Exists"
Researchers from Ruhr-Universität Bochum (RUB), in collaboration with colleagues from France and Norway, analyzed the encryption algorithm GEA-1, which was implemented in mobile phones in the 1990s for data connection encryption. They found that the GEA-1 algorithm is significantly easy to break, making it likely that it was created as a backdoor. The algorithm still exists in current Android and iOS smartphones, but according to the researchers, it no longer poses any major threat to users. However, the researchers say that the GEA-1 algorithm should have been removed from mobile phones as early as 2013. The analysis of GEA-1 showed that the algorithm generates encryption keys subdivided into three parts, two of which are nearly the same. These keys are relatively easy to guess because of their architecture. The team also analyzed the GEA-2 algorithm, finding that it is only slightly more secure than GEA-1, but it does not seem as though the algorithm is intentionally insecure like its predecessor. The encryptions produced by GEA-1 and GEA-2 are said to be so weak that they could be used to decrypt and read live encrypted data sent over 2G. The researchers assume that these vulnerabilities no longer pose a serious threat to users as most data traffic is now sent over the 4G LTE network. Additional transport encryption has also been put in place to protect data. This article continues to discuss key findings from the analysis of the GEA-1 and GEA-2 algorithms and why they still exist in mobile devices.
RUB reports "A Backdoor In Mobile Phone Encryption From the 90s Still Exists"