T-Mobile's Encryption Upgrade Makes Eavesdropping On Its 2G Network Harder

T-Mobile seems to have made good on its parent company's (Deutsche Telekom) promise, from last year, to upgrade its 2G networks to a stronger encryption standard after the Snowden revelations forced many firms (especially abroad) to take a better look at their security and the security of their customers.

The new encryption standard is called A5/3 and should be much harder to crack, while the old one was called A5/1 and could be cracked even by a single PC back in 1999. In 2008, passive surveillance of the "encrypted" 2G network was already possible.  

T-Mobile aims to stop this sort of surveillance with the new A5/3 encryption standard, although it won't be able to stop targeted attacks by IMSI Catchers, which are devices the police, FBI and potential criminals may be using to eavesdrop on phone conversions and texts over a certain local area.

When asked about this by the Washington Post, which tested both T-Mobile and AT&T's networks for the new encryption standard for 2G networks, T-Mobile didn't seem willing to give too many details about it:

"T-Mobile is continuously implementing advanced security technologies in accordance with worldwide recognized and trusted standards."

The comment seems conservative – perhaps too conservative. After the recent FBI backlash against Apple and Google's new default encryption for local storage on mobile devices, it's possible T-Mobile didn’t want that kind of “attention” from the FBI, too, which is probably why it didn’t try to promote its new encryption the way Apple and Google did.

AT&T’s network was found to use the old A5/1 encryption standard, but the company seems to believe that’s adequate protection for most devices:

“AT&T always protects its customers with the best encryption possible in line with what their device will support.”

AT&T plans to shut down its entire 2G network by 2017. The 3G and 4G wireless technologies already have much better encryption, which is why most IMSI catchers that exist today don’t try to break the 3G or 4G encryption, but instead force the device to switch to the 2G network. Some next-generation IMSI Catchers are promoted by the companies selling them as being able to crack 3G and 4G encryption, too (or at least go around it somehow, with the same result of getting the target’s data).

Wireless providers can and should do more to upgrade their networks with better security standards. This won’t stop the FBI or the police from requesting data about a customer, but it could stop abusive mass surveillance practices that are currently possible mainly because the technology and poor security allow it to happen.

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.