1

Given that 2G is proven to be insecure (broken) at DefCon, is it possible for a Corporate IT department to work with the Telco and ban 2G connections for their devices?

Some cell phones are unable to disable 2G connections or exclusively use 3G, and so I'm trying to shore up this issue with the Telco if possible.

makerofthings7
  • As a general rule, telcos have no way to do this. They don't have that kind of control over their partner's networks. However, you may be able to instruct your own phones not to make 2G connections. Some 3G phones have a "3G only" option. – David Schwartz Mar 04 '12 at 00:37
  • @DavidSchwartz If they don't have direct control over partners, is information (verified or not) passed along that describes the connection type? – makerofthings7 Mar 04 '12 at 01:27
  • Information is passed along for billing purposes. I'm not sure at what level it is aggregated as it is sent between partners. It may be at too high a level to contain information about individual connections. (Consider a phone moving from site to site.) – David Schwartz Mar 04 '12 at 02:19
  • Even if this were possible, you don't actually want this to happen. Phones have backwards support for a reason. There are regions that do not have 3G and thus our phones have to support 2G. There are also phones that don't support 3G currently in use. Why are you worried about this? – Ramhound Mar 06 '12 at 18:47
  • @Ramhound The worry is most likely due to the broken state of the A5/1 cipher. However KASUMI (the cipher used by 3G) is not perfect, and authentication is still broken. – forest Feb 20 '18 at 05:52
  • 6-year-old commentary. Why are you pinging me after 6 years? In 2012 3G with 2G failover was a thing. Now 3G is the failover connection. 2G isn't operable today in 2018. – Ramhound Feb 20 '18 at 12:23

2 Answers

2

Asking the telco to do this would not solve your problem. The biggest issue with 2G is that the base stations are relatively cheap (approx. £600; this is from someone who gave a talk at Over The Air) and, loaded with OpenBTS, can allow an attacker to set up a nefarious 2G base station wherever they want. Unless you can lock the phone down to only use 3G, or to only use certain base stations, you have a problem.

Here is a rather good video from Chaos Computer Club Congress which explains a lot of the details of how mobile phone networks work (I've been to other talks where they've demonstrated 2G hijacking with an OpenBTS base station). It can get very technical (and there are a grotesque number of acronyms) but may help with anything mobile.

http://www.youtube.com/watch?v=759Ftfe2TUM

webtoe
  • Forcing the phones to 3G/4G would be the best prevention, however time is the enemy. I'm sure in the next couple of years a 3G base station will be much more affordable. Fast forward again and the next gen tech will eventually be the same. – Brad Mar 30 '12 at 18:25
  • This is true. I went to a talk by the gentleman who developed the encryption for the GSM standard (A5/1). His remit was to make an encryption standard that didn't require powerful chips (mobile phone companies wanted cost/power to be low) and would last 20-25 years. It lasted that long before it was finally cracked. – webtoe Apr 02 '12 at 10:49
1

The only real solution IMO would be to replace the devices with encrypted ones that encrypt ALL communications.

Check out: http://www.dpl-surveillance-equipment.com/100602.html

http://www.endoacustica.com/scramblers_en.htm

http://www.global-teck.com/english/telecomproducts This site has info on BlackBerry and Windows Mobile encryption software for voice, text, and data. This may be the way to go.

The only drawbacks are expense and both parties in conversation will need to be compatible with each other.

Brad