Last year Google quietly pushed a new feature to its Android operating system allowing users to optionally disable 2G at the modem level in their phones. This is a fantastic feature that will provide some protection from cell site simulators, an invasive police surveillance technology employed throughout the country. We applaud Google for implementing this much needed feature. Now Apple needs to implement this feature as well, for the safety of their customers.
What is 2G and why is it vulnerable?
2G is the second generation of mobile communications, created in 1991. It’s an old technology from a time when standards bodies did not account for certain risk scenarios such as rogue cell towers and the need for strong encryption. As years have gone by, many vulnerabilities have been discovered in 2G.
There are two main problems with 2G. First, it uses weak encryption between the tower and device that can be cracked in real time by an attacker to intercept calls or text messages. In fact, the attacker can do this passively without ever transmitting a single packet. The second problem with 2G is that there is no authentication of the tower to the phone, which means that anyone can seamlessly impersonate a real 2G tower and a phone using the 2G protocol will never be the wiser.
Cell-site simulators sometimes work this way. They can exploit security flaws in 2G in order to intercept your communications. Even though many of the security flaws in 2G have been fixed in 4G, more advanced cell-site simulators can downgrade your connection to 2G, making your phone susceptible to the above attacks. This makes every user vulnerable—from journalists and activists to medical professionals, government officials, and even law enforcement.
What you can do to protect yourself now
If you have a newer Android phone (such as a Pixel, or newer Samsung phone) you can disable 2G right now by going to Settings > Network & Internet > SIMs > Allow 2G and turning that setting off.
Here by default 2G is enabled.
Now 2G is disabled
If you have an older Android phone, these steps may or may not work. Unfortunately due to limitations of old hardware, Google was only able to implement this feature on newer phones. If you have a newer Samsung phone you may also be able to shut off 2G support the same way, unfortunately this is not supported on all networks or all Samsung phones. For iPhone owners unfortunately Apple does not support this feature, but you can tweet at them to demand it!
Tell apple: Let us turn off 2G!
We are very pleased with the steps that Google has taken here to protect users from vulnerabilities in 2G, and though there is a lot more work to be done this will ensure that many people can finally receive a basic level of protection. We strongly encourage Google, Apple, and Samsung to invest more resources into radio security so they can better protect smartphone owners.
The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. Visit https://www.eff.org