It was revealed that the GPRS encryption algorithm used in early mobile phones was deliberately weakened

[[406364]]

A team of researchers from several European universities has just pointed out in a paper that the vulnerability of the GPRS encryption algorithm used in early mobile phones was not accidental. Subsequent facts have proved that their suspicions were correct. As Vice highlights, GEA-1 was mainly used for mobile phone data encryption in the 1990s and 2000s. The algorithm was originally thought to provide full 64-bit encryption security, but in their cryptanalysis, the research team found that its security was actually limited to 40 bits at design time.

To further verify the finding, the research team also obtained more details about the GEA-A and GEA-2 algorithms from unnamed sources so that they could conduct a comprehensive analysis and identify weaknesses. The results confirmed the "unlikely" coincidence.

TechSpot pointed out that an attacker with the ability to intercept a phone's data traffic could exploit the vulnerability to decrypt all messages in a conversation.

Vice also contacted the European Telecommunications Standards Institute (ETSI), which designed the GEA-1 encryption algorithm, and a spokesperson for the organization acknowledged in an email statement that the algorithm does contain a weakness.

But the reason it was introduced is that it was required to be present because ETSI needed to comply with export control regulations that limited the strength of GEA-1.

Such export controls were fairly common given the international situation at the time, and The Register reported that France had enacted a similar rule that banned anything over 40-bit encryption.

Håvard Raddum, who participated in the new research, complained: "In order to cater to these restrictive policies, millions of users have been unable to obtain the safe online protection they should have for a long time."

However, the biggest problem revealed by this study is that no export controls were explicitly mentioned when the GEA-1 standard was formulated and launched.

Moreover, the research team found that even though the difficulty of technical operation has increased, the GEA-2 algorithm is still vulnerable to attacks.

Thankfully, neither standard has gained widespread adoption, with vendors preferring newer, more secure encryption algorithms — although networks in some markets still use them as a fallback.