Analysis of (E)GPRS ciphering algorithms used worldwide

2021/06/16 - GPRS and its successor EGPRS (commonly known as EDGE) have been considered legacy technology for many years. Most mobile phones rarely rely on this connectivity anymore, and in fact some mobile operators are thinking of discontinuing support for 2G altogether. Mobile operators in Japan, Australia, Singapore and the US have already switched off their 2G networks, and Switzerland will soon follow. Other operators, especially in Europe, have announced support for the coming years. A large number of legacy devices active on the networks still use 2G, e.g. for machine-to-machine communications such as payment terminals. In some regions of the world, 2G is used daily to provide all kinds of services to people.

Hakan Ekmen, Managing Director at umlaut: 'The security posture of a mobile operator depends on the weakest link. LTE and 5G have a wide range of security options, but millions of people still do not have access to these technologies. 2G networks are still widely deployed and used thus their security remains as important as new technologies. The GPRS ciphering report made available by us is an example of our responsible support to the research community, GSMA and industry as an attempt to bring the security level of the sector to the next level. Get in touch if you want to know more.'

We conducted a thorough analysis of data from 35 countries and 100 operators to answer the question: How secure are these data transmissions from eavesdroppers? The worrying conclusions may draw your attention to legacy technology versus modern wireless technologies like 4G versus 5G.

LTE and 5G have a wide range of security options, but millions of people still do not have access to these networks. This is due to a lack of network coverage or devices that are not compatible with new wireless technologies.

Therefore, from our point of view, it has been useful to analyse data from older technologies.

Please find the analysis below for download.