Cell site simulators can intercept data on 2G
(Image credit: Shutterstock)
Google has added a feature to its Android mobile operating system that allows users to disable 2G connections, reducing the risk of being spoofed by a rogue cell tower.
Cell site simulators or ‘stingrays’ pose as legitimate cell towers, tricking phones within its range to connect to it. This allows attackers to stage man-in-the-middle attacks that exploit weaknesses in the aging 2G standard to intercept device information, call records, voice and text content, and browsing history.
2G is the weapon of choice because it is more vulnerable than modern communications technology like 4G and 5G which have stronger security. 2G was standardised in the early 1990s during an era when mobility was far from ubiquitous and the cybersecurity landscape far less complex.
Two of the biggest issues are that 2G is protected by relatively weak encryption that can be cracked in real-time during transmission and there is no method to verify an authentic base station. This means it is far easier to mimic a genuine cell site and end users won’t know the difference.
Although 2G has been superseded by three mobile generations, most mobile operators still have 2G networks to support mass IoT deployments that require long battery life and minimal bandwidth, such as smart metres, to provide coverage to some elderly and rural users, and to provide a universal roaming service.
More advanced cell site simulators can force devices to ‘downgrade’ their connection from 4G or 5G to 2G, exposing them to risk. Given these users will most likely never need to connect to a 2G network, the ability to switch off the capability is most welcome.
Android users with modern hardware and the latest version of the operating system can do so via the settings menu. The Electronic Frontier Foundation (EFF) has welcomed the new feature, although it laments that users with older handsets are not covered, and has urged Apple to introduce the same feature to iOS.
“This is a fantastic feature that will provide some protection from cell site simulators, an invasive police surveillance technology employed throughout the country,” declared the campaign group. “We applaud Google for implementing this much needed feature.
“Though there is a lot more work to be done this will ensure that many people can finally receive a basic level of protection. We strongly encourage Google, Apple, and Samsung to invest more resources into radio security so they can better protect smartphone owners.”
TechRadar Pro has contacted Google for more information about which devices and Android versions are compatible with the feature.