In context: Cell-site simulators (CSS), sometimes called stingrays or IMSI catchers, are tools law enforcement and governments employ for various warranted tasks, including tracking phone locations, intercepting communications, espionage, and installing malware. Unfortunately, criminals can also use cell-site simulators.
Using a CSS involves creating a fake 2G cell tower and tricking the target phone into connecting to it. Every big carrier in the U.S. except T-Mobile has disabled its 2G and 3G networks, and T-Mobile plans to do so in April 2024.
However, all cellular devices can still connect to 2G and 3G towers, because many countries have active 2G networks and some developing nations rely solely on the old standard. Manufacturers therefore choose not to remove the capability, since doing so could leave portions of their user base without service.
In 2021, Google released an optional feature for Android devices to turn off the ability to connect to 2G networks. However, almost all third-party Android manufacturers do not implement the feature. The most notable is Samsung, which has no plans to enable this function. Apple has also neglected the issue for the last few years. However, iOS 17 introduces Lockdown Mode, which prevents iPhones from connecting to insecure 2G towers.
Google’s protective measures against CSS attacks go even further by preventing the device from using “null ciphers.” Usually, connections with cell towers are fully encrypted with a “symmetric cipher,” but a connection that uses a null cipher is not encrypted at all. Null ciphers are typically used by technicians performing network testing. Phones also use null ciphers for 911 calls if the SIM is damaged or missing. Because data sent under a null cipher is not encrypted, a hijacker using a stingray can take advantage of null ciphers to intercept any data from the connected device, such as messages, calls, and internet traffic.
Unless you specifically need 2G connectivity, it may be a good idea to disable the feature if your device allows it. Users on iOS might want to consider enabling Lockdown Mode. However, Lockdown Mode does much more than just block 2G connections. It was designed to protect journalists, government officials, and other high-profile targets who could fall victim to state-sponsored attacks. So you may have to decide whether the additional restrictions are worth it.
As for Android users, only those on a Pixel 6 or newer can disable 2G services. Until third-party Android manufacturers take advantage of Google’s measures, other Android devices will remain vulnerable to CSS attacks.