Why Android Users Can Now Disable 2G to block Stingray Attacks?

Why Android Users Can Now Disable 2G to block Stingray Attacks?

Google has finally rolled out an option on Android permitting users to disable 2G connections which come with a host of privacy and security problems exploited by cell-site simulators. Additionally, the option was traced by EFF (Electronic Frontier Foundation), which calls the development a victory for privacy protection.

How is it Captured by “Stingrays”?

A cell-site simulator, also known as “Stingray” or IMSI catcher, is a device that disguises as a cell tower, forcing cell phones in their range to connect to it. This connection allows the operators of these Stingrays to perform man-in-the-middle attacks and arrest sensitive personal data like:

  • Device IMSI (international mobile subscriber identity)
  • Call metadata like dialed number and duration
  • SMS and voice call content
  • Data usage and web browsing history
Why-Android-Users-Can-Now-Disable-2G-to-block-Stingra-Attacks-image1

Unluckily, this procedure of data interference has been repeatedly and instinctively set up by law enforcement authorities during peaceful protests in otherwise democratic countries where the data protection laws apply strictly.

Moreover, the documented cases of private deployment of “stingrays” have also been generous in recent years, so the harm of communication network vulnerabilities is widespread.

Most of these vulnerabilities have been addressed in 4G, but the assumed base stations have a way to downgrade nearby devices connections to 2G, importantly laying the ground for exploiting previous bugs.

Why Accommodating 2G on Android?

While Google has provided the Android users the option not to permit 2G cellular connections on their device, the setting is turned on by default. If you want to turn it off, you can go to ‘Setting à Network & Internet à SIMs à Allow 2G’. Relying on the device maker and the Android skin utilized, the path to access that setting may be different.

Why-Android-Users-Can-Now-Disable-2G-to-block-Stingray-Attacks-image2

Note that the Setting has only been made available on Android 12 for now. Xiarch has tested Android 11 and Android 10, but the option is not yet available. We have also asked Google to clear if there are hardware needs too for this new option to work, and they told us that the modem needs to support the 1.6 Radio HAL, which is available only on the advanced devices.

Also, it’s important to clarify that 2G remains active as a backup for emergency calls no matter what position the toggle is set to, so there’s no way to disable it completely. Eventually, Apple hasn’t given iPhone users a option to lock their devices to 4G/5G connectivity only, but now that Google has taken that step, it’s likely the competition follows.

Leave a Reply