2G networks have been an integral part of mobile communications for more than three decades, and although it was turned off in some countries years ago, its legacy is still an entry point for attacks targeting smartphones or attempts to spy on the target person. Hence, the upcoming new major version of Google’s mobile operating system protects both corporate and individual users with compatible Android devices with enhanced security features.
The double line of defense that comes with Android 14 basically starts with the inability of the smartphone to determine the legality of a 2G network connection before connecting to it. However, due to the outdated security architecture of these networks, the problem usually already occurs, which can lead to the interception, hijacking, or permanent monitoring of voice and SMS traffic, without the user’s knowledge, or even the automatic download of malicious code.
One of the most obvious – though not necessarily cost-effective – attack methods is the so-called FBS (False Base Sations) or Stingray-based attacks, in which a device is directed at a false cell part of the home network itself, which is managed by the attackers. Such attacks are practically impossible on modern 4G and 5G networks, while 2G networks do not use a proper two-way authentication protocol to prevent this.
In the United States today, this is one of the most dangerous forms of attack on mobile devices, despite the fact that 2G networks have now been shut down by all major operators in the country. At the same time, customers’ device modems are still able to connect to 2G networks, and if the phone finds one in the reception area, it usually connects to it automatically – to prevent this, Android 12 introduced the option to turn off 2G calling by the user, which can Accessible by owners of Radio HAL 1.6 or later compatible devices.
This feature carries over to the Android Enterprise Mobile Device Management platform with Android 14, which means that after the release of the new operating system, corporate administrators can remotely disable 2G connectivity on members of the company-owned smartphone fleet they manage, similar to, WiFi or Bluetooth radio disabled .
An additional feature added to the new Android version that makes using older networks safer is that the system will prevent unencrypted circuit-switched (cellular-free encryption) communication at the modem level depending on the appropriate user setting.
The encryption of a circuit-switched connection usually depends on the mobile network configuration and has no effect on that user, moreover, the client can’t even know if the connection is encrypted at all.
According to Google, blocking unencrypted voice and SMS traffic on the device side could go a long way towards making mobile network connections more secure, with no real drawbacks, since 2G networks will still be able to be used for emergency calls regardless of Settings .
Although Android 14 will arrive in the fall, due to the fragmentation of the Android ecosystem, this may take many years, and according to Google, Android OEMs are only expected to successfully implement the functionality in the next few years.