A research team has discovered a security gap in modern mobile phones that is very unlikely to have been created by accident. In fact, it should have

Newsportal - Ruhr-Universität Bochum

submited by
Style Pass
2021-06-16 17:30:06

A research team has discovered a security gap in modern mobile phones that is very unlikely to have been created by accident. In fact, it should have been removed back in 2013.

The encryption algorithm GEA-1 was implemented in mobile phones in the 1990s to encrypt data connections. Since then, it has been kept secret. Now, a research team from Ruhr-Universität Bochum (RUB), together with colleagues from France and Norway, has analysed the algorithm and has come to the following conclusion: GEA-1 is so easy to break that it must be a deliberately weak encryption that was built in as a backdoor. Although the vulnerability is still present in many modern mobile phones, it no longer poses any significant threat to users, according to the researchers.

“Even though intelligence services and ministers of the interior understandably want such backdoors to exist, they are not at all useful,” says Professor Gregor Leander, Head of the Workgroup for Symmetric Cryptography. “After all, they are not the only ones who can exploit these vulnerabilities, any other attackers can exploit them as well. Our research shows: once a backdoor is implemented, it is very difficult to remove it.” Accordingly, GEA-1 should have disappeared from mobile phones as early as 2013; at least that’s what the mobile phone standards say. However, the research team found the algorithm in the current Android and iOS smartphones.

Leave a Comment
Related Posts