Google has finally added a setting to Android that allows users to deactivate 2G connections, which have many privacy and security issues that cell-site simulators exploit. The addition of the option was noticed by the Electronic Frontier Foundation (EFF), which hails it as a win for privacy protection.
A cell-site simulator, often known as a “stingray” or an IMSI Catcher, is a device that imitates a cell tower and forces cell phones in its vicinity to connect to it. The operators of these Stingrays can use this connection to undertake man-in-the-middle attacks and intercept sensitive personal information like:
- Device IMSI (international mobile subscriber identity)
- SMS and voice call content
- Call metadata like dialed number and duration
- Data usage and web browsing history
Unfortunately, law enforcement officials have used this form of data interception regularly and indiscriminately during peaceful protests in supposedly democratic countries with stringent data privacy legislation. Furthermore, recorded incidents of private deployment of “stingrays” have been increasingly common in recent years, indicating that communication network vulnerabilities are being exploited.
Although most of these issues have been fixed in 4G, the simulated base stations can degrade neighboring device connections to 2G, thus setting the groundwork for exploiting earlier flaws. Having a mechanism to avoid this on the user end is a huge step forward, and while shutting down 2G connections won’t solve all of the world’s security issues, it’s a solid start.
While Android users may choose whether or not to accept 2G cellular connections on their device, the option is enabled by default. If you wish to disable it, navigate to ‘Settings → Network & Internet → SIMs → Allow 2G‘. Depending on the manufacturer of your device and the Android skin you use, the path to that setting may change.
