Edgar Cervantes / Android Authority
TL;DR
- Android 14 will introduce two important changes to protect against cellular network attacks.
- Android Enterprise customers will be able to restrict a device’s ability to downgrade to 2G connectivity.
- The software will also protect users’ voice and SMS traffic if carriers don’t use encryption or integrity protection.
Google has published a blog post detailing the new security measures in Android 14 to protect users against cellular attacks. The new software gives users even more control over 2G network usage and other connectivity aspects that malicious entities could exploit to intercept voice and SMS traffic.
To start off, Android 14 will allow Android Enterprise customers to turn off 2G connectivity on smartphones and tablets. 2G networks pose several risks and can expose users to Person-in-the-Middle attacks. That means 2G cellular network traffic can be intercepted over the air and decrypted using various nefarious tools such as False Base Stations (FBS) and Stingrays.
While most major carriers have shut down 2G networks in the US, all existing mobile devices still support 2G. So when no other network is available, they connect to a 2G network automatically. However, as Google notes, this can be remotely triggered in a malicious attack.
To avoid any security incidents owing to the risks a 2G network poses, Android 14 will let enterprise customers and government agencies managing devices using Android Enterprise restrict a device’s ability to downgrade to 2G connectivity.
Google first introduced the feature to non-enterprise Android users with Android 12. The Google Pixel 6 was the first phone to allow users to disable 2G at the modem level manually. Since then, the feature has rolled out to all Android devices that conform to the latest radio hardware abstraction layer.
More cellular protections in Android 14
Android 14 will also tackle the risks of cellular null ciphers. Google says cellular networks often fail to encrypt voice and SMS traffic to ensure confidentiality. The company points out that null ciphers have been used in commercial networks to expose user voice and SMS traffic (such as One-Time Password) to trivial over-the-air interception.
Android 14 introduces a user option to disable support, at the modem-level, for null-ciphered connections. This means you can now choose to only use encrypted connections. Google says this functionality will greatly improve communication privacy for devices.
“We expect this new connectivity security feature to be available in more devices over the next few years as it is adopted by Android OEMs,” says Google.