Researchers from Germany, France and Norway said in a research paper published on Wednesday that the vulnerability affected the “GPRS” (General Packet Radio Service) of the second generation (2G) wireless communication systems.
While most phones now use 4G or even 5G, General Packet Radio Service (2G) is still used in some countries.
The researchers said it is unlikely that the GEA-1 vulnerability was coincidental, and may even have been intentionally created to provide law enforcement agencies with a “back door” and comply with laws restricting the export of strong encryption tools.
One of the researchers behind the study, Christoph Bierle of Ruhr University Bochum, likened that the GEA-1 algorithm was due to be “out” of smartphones by 2013 but is still present in some Android and iOS phones.
The study indicates that manufacturers of phones and software systems have been informed in order to correct the defect.