A crypto flaw has been found in the GPRS (2G) mobile data standard. The researchers (Christof Beierle, et al) said the vulnerability in the GEA/1 algorithm is unlikely to have been an accident, and was probably created as a backdoor for law enforcement. Instead of 64-bit protection it only provides 40-bit and is vulnerable to downgrade attacks. GEA/1, GEA/2 and GEA/3 are known to have weaknesses.
https://eprint.iacr.org/2021/819
https://abcnews.go.com/Business/wireStory/security-flaw-found-2g-mobile-data-encryption-standard-78309008
https://www.theregister.com/2021/06/17/gprs_encryption_backdoor/