Google issues Android 14 security fix to ward off 2G attacks


Google claims that it has released a first-of-its-kind fix for Android 14 phones, which will protect them from being forcibly migrated over to more vulnerable 2G systems by threat actors.

“Android is the first mobile operating system to introduce advanced cellular security mitigations for both consumers and enterprises,” the tech giant said.

What this means is that Android 14 is introducing a tool that allows IT administrators to disable 2G support in the company devices they are tasked with overseeing.

The problem with 2G support arises, Google claims in its recent bulletin, when a cybercriminal can force a target device to migrate over to the more primitive network, which is more vulnerable to cyberattacks.

“When available, any mobile device will connect to a 2G network,” it said. “This occurs automatically when 2G is the only network available, but this can also be remotely triggered in a malicious attack, silently inducing devices to downgrade to 2G-only connectivity and thus ignoring any non-2G network.”

This can apparently be done regardless of whether local network operators have shuttered their 2G networks, leaving devices open to being set up for a cyberattack.

“Recognizing the far-reaching implications of these attack vectors, especially for at-risk users, Android has prioritized hardening cellular telephony,” said Google.

It cites research done since 2010, which demonstrates how 2G communications traffic can be easily intercepted and deciphered. First established in 1991, 2G networks are widely regarded as being obsolete in security terms, it added.

This obsolete security is commonly exploited by Stingrays, “obscure yet very powerful surveillance and interception tools” that Google suggests might have been used to infect journalists’ phones with the Pegasus malware.

“This Stingray-based fraud attack, which likely downgraded device’s connections to 2G to inject SMSishing payloads, has highlighted the risks of 2G connectivity,” said Google.


More from Cybernews:

Cyber fraudster jailed over internet scam that provoked suicide

China melting its leverage: will we run out of gallium and germanium?

TD Ameritrade reveals MOVEit attacks exposed thousands

Northern Irish police exposes data of all its staff

Tesla selling Cybertruck-inspired cat beds in China

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked