Android Headlines has carried a number of articles over the summer months concerning mobile security, including around the use of IMSI catchers, and today we reveal that T-Mobile USA have been and continue to work on upgrading their legacy 2G network to make it significantly harder to hack. This is because the IMSI catcher can only work on older generation, less secure 2G networks. The unit is often deployed with 3G and 4G jammers, because the more modern networks use more secure encryption technologies so the hacker must block access to these. The IMSI catcher then spoofs the genuine carrier mast but has a higher power output, relying on our mobile device's desire to connect to the strongest signal possible to reduce power consumption.
In the article I've linked to above, I conclude by saying that the best form of defense is for our carriers to upgrade their networks to a newer encryption standard and I'm pleased to see that T-Mobile USA is doing just that. Testing by The Washington Post shows that T-Mobile has upgraded its 2G encryption standard to A5/3 in the New York, Washington and Boulder, Colorado areas. The A5/3 standard is much tougher to decrypt. In a statement, the carrier said, "T-Mobile is continuously implementing advanced security technologies in accordance with worldwide recognized and trusted standards." The upgrade follows T-Mobile USA's parent, Deutsche Telekom, working to upgrade their entire German 2G network to the same A5/3 standard after it was revealed that the NSA was eavesdropping on phone calls by German Chancellor Angela Merkel. The newer standard makes it harder to eavesdrop.
It's encouraging that T-Mobile USA are upgrading the encryption standards of their 2G network. America's other 2G carrier, AT&T, reported last year that they were deploying A5/3 encryption but in the same tests (in New York, Washington and Boulder), calls made and received over the 2G network still used A5/1 encryption. In a statement, the carrier said, "AT&T always protects its customers with the best encryption possible in line with what their device will support." AT&T are also planning to shut down their 2G network by the end of 2017, replacing it with the more secure 3G and 4G networks. Across America, they estimate that just 13% of connections used 2G in 2013 and so the risk is reduced. Still, I would like to see A5/3 encryption rolled out to every single 2G mast - especially in Europe and the UK, where over two thirds of cell 'phone use is over the 2G network.