Slashdot Mirror

← Back to Stories (view on slashdot.org)

Deutsche Telecom Upgrades T-Mobile 2G Encryption In US

Posted by timothy on from the tell-all-your-grandparents dept.

An anonymous reader writes T-Mobile, a major wireless carrier in the U.S. and subsidiary of German Deutsche Telecom, is hardening the encryption on its 2G cellular network in the U.S., reports the Washington Post. According to Cisco, 2G cellular calls still account for 13% of calls in the US and 68% of wireless calls worldwide. T-Mobile's upgrades will bring the encryption of older and inexpensive 2G GSM phone signals in the US up to par with that of more expensive 3G and 4G handsets. Parent company Deutsche Telecom had announced a similar upgrade of its German 2G network after last year's revelations of NSA surveillance. 2G is still important not only for that 13 percent of calls, but because lots of connected devices rely on it, or will, even while the 2G clock is ticking. The "internet of things" focuses on cheap and ubiquitous, and in the U.S. that still means 2G, but lots of things that might be connected that way are ones you'd like to be encrypted.

3 of 27 comments (clear)

  1. How's this affect StingRay(tm)s by cant_get_a_good_nick · · Score: 2

    Obligatory Ars Link. From what I understand, fake towers work by forcing you to downgrade to 2G. Will this obviate that risk?

    1. Re:How's this affect StingRay(tm)s by lart2150 · · Score: 2

      There's two types of attacks. One is a fake tower the other is just listening in/relay of signal to a real tower with out any funny business. The change T-mobile is making will help prevent the later but the downgrade attack will still work. As long as the device supports the insecure standards the fake towers will work for downgrade attacks (assuming they prevent you from connecting to a better tower).

  2. But disabling GSM when possible is still smart by IamTheRealMike · · Score: 2

    GSM (2G) encryption did not authenticate the cell tower, whereas UMTS (3G) and above do. Cell tower authentication should break devices like the Stingray and other forms of fake base station, unless/until governments start forcing cell carriers to hand over the signing keys for tower identities. But as devices like Stingray exist more or less exclusively to get around the warrant requirement and no carrier would assist in that way without a court order, that places the police in the awkward position of asking a judge to write an order than can only be for avoiding the same judges authority....