GSMs vulnerabilities have been known a long time now. UMTS was supposed to fix those problems. Why is GSM still used?
Asked
Active
Viewed 8,575 times
34
-
22I still use my 6230i, which is 2G only. The battery lasts a whole week, and I get a visual warning when someone is messing with the network (IMSI catcher). So far, I haven't found a 4G replacement with the same capabilities. – Simon Richter Sep 08 '14 at 15:44
-
9The question implies that the mere existence of any vulnerability is sufficient to drive major infrastructure decisions and that those decisions are implemented overnight. That's naive. – Relaxed Sep 09 '14 at 08:40
-
4Your question isn't just valid for GSM, but for many types of legacy protocols and software. Most known example (currently) is WinXP. Being old/vulnerable isn't a good enough argument to be removed from use. – Mast Sep 09 '14 at 08:50
-
1@Relaxed I wouldn't call that overnight. UMTS licenses have been sold in Germany in 2000, the first network world wide was implemented in 2001, says Wikipedia. Also it wasn't clear to me that there is an issue with the infrastructure beyond maybe software. Also my question was targeted more at _new_ phones, not old ones. It is clear that you don't want to drop the support for old phones, but why still implement and use it in new ones? The answers i got answer that well. – kutschkem Sep 09 '14 at 09:38
-
A quick and easy solution would be to have options to choose what kind of network our phones connect to, so you can have the choice of security by disabling GSM on your device without forcing everyone to switch phones. – Sep 09 '14 at 12:43
-
@AndréDaniel Which is quite easy to do on an Android device - you can forbid it from using 2G completely. Or vice versa - 2G is much more power efficient. It is very rare for a technology not to involve compromises, so forcing everyone to adopt all updates is controversial :) – Luaan Sep 09 '14 at 12:54
-
It sounds like asking why can't your first iPhone phone run LTE? Obviously software updates can't help there if the hardware isn't there. So that's the same for carriers, they need different/newer hardware, but they also want people to have reception in possibly more area, therefore they're doing the switch slowly. It's also no use to have all the stations nationwide equipped with LTE support if the number of users having LTE capable phones are let's say below 30%... – Arturas M Sep 09 '14 at 15:29
-
@SimonRichter not directly related to the question, but I was wondering how the 6230i detects an IMSI catcher. It's interesting a phone from that time would have integrated detection, but I was unable to find any sources on it (ironically I did find a paper on BT vulnerabilities that used it). And for posterity, Android has had applications that detected the operation of IMSI catchers (amongst other network security issues),for at least couple of years now (they run on just about any Android phone). And iOS 5 added this feature to the iPhone, circa 2011,so most smartphones can detect them. – Selali Adobor Sep 10 '14 at 02:24
-
@kutschkem And yet, the German networks (presumably with limited coverage) were [launched in 2004](https://en.wikipedia.org/wiki/List_of_UMTS_networks), which underlines my point, and widespread consumer adoption of smartphones started around 2008 or so. “Overnight” was an exaggeration but I have worked on systems and software that are decades old, you seem to vastly underestimate how long these things take. Meanwhile, you haven't provided any clear rationale for the switch at all (Are these vulnerabilities actually exploited? Do they create significant liabilities for the networks?). – Relaxed Sep 10 '14 at 12:53
-
@AssortedTrailmix, it displays a small open lock when the connection to the base station is unencrypted. – Simon Richter Sep 10 '14 at 15:49
4 Answers
41
This started as a comment reply to @user10008 but got too long...
Even after the towers are all upgraded, the carriers can't immediately switch off 2g service for a number of reasons. The biggest issue there is that not everyone upgrades their phone frequently; in particular this is true of people who use it as just-a-phone or an emergency-use-only-phone.
There are also commercial/industrial embedded systems that use the cellular network to report home. Low bandwidth devices like monitoring systems, ATMs, or credit card readers have no need for high speed data and no reason for the owners to upgrade frequently. AFAIK they typically have SLAs with carriers to guarantee longer term operation than the standard 2 year consumer contract.
Regulatory issues can also be involved. In the US, you're not allowed to turn off a voice network without giving customers free new phones without contract extensions. As a result, the major US carriers have scheduled 2017-21 sunset dates for 2g service to give as much time as possible for the long tail to upgrade on their own. That said, the carriers probably will refarm all but a tiny sliver of their 2g spectrum to 4g (5g?) prior to the shutdown to maximize utilization rates. When the finally do force the issue and shut down their 2g network, they probably will end up having significant numbers of customers who were coasting month to month due to apathy shop around and decide to change carriers.
When Sprint shutdown the iDEN (2g with no upgrade path) network they inherited from the Nextel acquisition; they suffered heavy customer attrition in the final months from people deciding to switch carriers instead of taking a free replacement. IIRC the loss rate for the final few months was >50% of the remainder and several hundred thousand customers in total.
Dan Is Fiddling By Firelight
- 1,382
- 10
- 14
-
It will most likely still be 4G in 3-5 years; we have yet to hit actual 4G speeds anyway (100Mbps), and we've been on 4G for years now. – TylerH Sep 08 '14 at 14:33
-
@TylerH 2g was first deployed in 91, 3g in 98, and LTE in 08. At the tail end of the time range range, I could see Verizon choosing to deploy an LTE successor on it's current 2g spectrum. Lastly, while it's an OT debate here I'm of the opinion that the needs separate spectrum to operate on criteria that marked 1g vs 2g, and 2g vs 3g transitions; is a more appropriate differentiator for when 4th generation cellular systems came into being than a purely arbitrary speed number. – Dan Is Fiddling By Firelight Sep 08 '14 at 14:51
-
Slightly off subject but possibly a reason people would want to get off 2G networks - fake towers, b.k.a. [Stingrays (TM)](http://arstechnica.com/tech-policy/2014/09/cities-scramble-to-upgrade-stingray-tracking-as-end-of-2g-network-looms/) – Rich Homolka Sep 09 '14 at 02:12
-
@RichHomolka I'm almost certain your "slightly off topic" was the reason the question was asked.... – Dan Is Fiddling By Firelight Sep 09 '14 at 04:16
36
In order to make a cellphone tower UMTS-capable, various hardware upgrades need to be made to it. This costs money. For that reason, many cellphone towers, especially in rural areas, have not been upgraded yet.
As long as there is not near-100% UMTS coverage, cellphones will still need to support a pure GSM connection to ensure that the user has connectivity in areas where no UMTS is available yet.
-
Why is there dual network operation? Something else than legacy devices? – user10008 Sep 08 '14 at 12:58
-
2@user10008 You mean CDMA vs. GSM? Again, money. US carriers decided to go two different ways and now they have a ridiculous split system where different phones don't work on different carriers. – Polynomial Sep 08 '14 at 13:34
-
@Polynomial in context I think he was asking about why 2g networks are still around when 3g has been out for many years. – Dan Is Fiddling By Firelight Sep 08 '14 at 13:51
-
3One other thing to take into consideration is some customers can be unusually attached to their phones if they work for them. It is difficult to "force" them to upgrade their phone. You can't even begin to think about shutting off a technology until most of your customer base has devices that support the technology – psubsee2003 Sep 08 '14 at 14:00
-
@Polynomial which is, of course, the *same* situation since UMTS is CDMA :) – hobbs Sep 09 '14 at 03:28
1
GSM is cheap and good for land with many water bodies, say like small islands and so on. Cheaper goods sell in large populations and Asia got covered by GSM before the CDMA tried its best.
CDMA is good in contiguous land area. The sound quality is much better. But royalty has to be payed to Qualcomm who developed CDMA. Hence the technology, subscriber connection and handsets all became costly while adoption rate was low.
UMTS came as GSM upgrade. But needed various upgrades across the board, manufacturing, chipsets, handsets, towers, software all had to be upgraded. The adoption of GSM by large population pre-empts the case where everybody uses only UMTS
I read this answer in some book.
AAI
- 111
- 2
-
CDMA is also more secure than GSM (just a note since you provided a compare/contrast answer). – Sep 10 '14 at 15:59
0
It's not.
Many existing GSM networks are in the process of being shutdown -- AT&T has already announced a year or two ago about its plans to shutdown its GSM network completely by the end of 2016. As others mentioned, migration and shutdown takes time, since both the towers and the end-user equipment must be upgraded.
Some latecomer mobile operators have likewise never even had any GSM networks in the first place -- three.co.uk, windmobile.ca, mobilicity.ca -- all have started out after UMTS was already available, and have never deployed GSM, going straight to UMTS.
Another matter is that a lot of people incorrectly refer to these UMTS operators as "GSM", where you might be led to believe that you'd be getting onto a GSM network with Wind Mobile, for example, whereas their network is 100% UMTS (apart from roaming agreements with legacy operators, which are still running their GSM networks for legacy users).
Also consider that all leftover GSM networks in the whole world run on a set of like 4 bands in total, whereas the number of bands for UMTS and LTE is so plentiful that even experienced users would have to triple-check the specs of each phone against the full set of the bands utilised by the operator to ensure maximum coverage and compatibility. This is especially important for M2M applications (like, say, cars), where you want to keep the costs to an absolute minimum, and life cycle may be quite long.
Also, some countries, like Japan, have long as completely shut down their 2G networks.
cnst
- 1,884
- 2
- 19
- 30