First Hacks: The Brand New Nokia 5G Gateway Router

Aside from being the focus of a series of bizarre conspiracy theories, 5G cellular networks offer the promise of ultra-fast Internet access anywhere within their range. To that end there is a new breed of devices designed to provide home broadband using 5G as a backhaul. It’s one of these, a Nokia Fastmile, that [Eddie Zhang] received, and he’s found it to be an interesting teardown and investigation. Spoiler: it runs Android and has exploitable bugs.

A privilege escalation bug in the web administration tool led to gaining the ability to export and modify configuration files, but sadly, though a telnet prompt can be opened, it’s not much use without the password. Uncovering some blocked-off ports on the base of the unit revealed a USB-C port, which was found to connect to an Android device. Via ADB a shell could be opened on Android, but on further investigation it was found that the Fastmile is not a single device but two separate ones. Inside is a PCB with an Android 5G phone to handle the connection, and another with a completely separate home router.

With access to the Android side and a login prompt on the router side, that was as far as he was prepared to go without risking bricking his Fastmile. It only remained to do a teardown, which reveals the separate PCBs with their own heatsinks, and an impressive antenna array. Perhaps these devices will in time become as ubiquitous as old routers, and we’ll see them fully laid bare.

It’s a shame that we’ve had to write more about the conspiracy theories surrounding 5G than real 5G devices, but maybe we’ll see more teardowns like this one to make up for it.

27 thoughts on “First Hacks: The Brand New Nokia 5G Gateway Router”

  1. I seem to recollect that there was the same conspiracy for 4G, 3G, 2G. There is just something in the human condition that wants to invent a powerful group of people who want to do you in – and you have to oppose them to get any meaning in your life..
    Meanwhile the same people use FB and google..

    On to the teardown – so it’s a phone plugged into a router. I know, why don’t I just connect my phone to my router! Is there any advantage to having them in one box?

      1. Some thought that the human body couldn’t possibly survive at speeds of 35 MPH or faster and riding on a fast train would kill them. Never mind that we’re all ripping along at 230 Kilometers per second* along with all the rest of the Solar System, plus or minus a bit depending on the time of day and where Earth is in its orbit.

        *~514,000 MPH

    1. You can do this.. get a small Mikrotik routerboard that has usb (something like a hAP ac2), an android phone with 5g that supports usb tethering (most do these days) and a data cable.. there are many forum posts on the mikrotik forum that will walk you through configuring the routerboard.

    2. Well, who knows why they really chose to put in two systems and patch them together. I have a single device based on a qualcomm reference design–it’s licensed and sold under quite a few names. It puts everything neatly together and has an integrated battery. What I ran into with tethering a real phone usually were the phone power draining faster than I could charge it with the cabling situation I had to use, Android just hated it and would break in different ways over time, and the antennas weren’t as good as on the dedicated device I have. Normal phones just weren’t meant to do the kind of duty I was putting mine through. As another poster mentions, Mikrotik sells its own solutions. I just sent out an LTE-A AP from them for install in an area that isn’t getting 5G anytime soon. It’s a surprisingly powerful OS.

  2. The CPU is vast overkill for a router, perhaps that will spark a conspiracy that it’s mining crypto as another source of revenue for the ISP or manufacturer? (The coins that mine on ARM tend to use a lot of bandwidth, but an ISP can configure that for a low priority so that it would only use bandwidth that is otherwise wasted and not count against the customer’s data cap.)

    1. lol. no.

      Seriously, this is a conspiracy theory par excellence. Why on earth would an ISP want to increase traffic through its own networks, all while making oneself liable for organized crime (abusing someone else’s computer system, even if it’s just a lent one, is a criminal offense in many, if not most, jurisdictions) and the consequent loss of customers?

      People with viable business models very likely won’t drift into criminality by earning at most as much money as the power consumed by these routers is worth (because if there was more money in there, the same coin would be cheaper than its price to produce on a rackmount arm server farm).

      I hate the crypto hype, from both sides, the stans and the paranoids.

      1. Unused bandwidth is wasted bandwidth. The only thing saved by not transferring data is the tiny amount of power it took to send the data.

        Companies using customer’s resources for their own purposes is nothing new, see Comcast Xfinity hotspots hosted by home routers and Amazon’s bandwidth sharing feature for examples.

        Those ARM mined coins tend also to be IP address limited with VPN/VPS address ranges blocked. That combined with the high relative cost of ARM servers (compared to a cluster of really cheap smartphones) explains why they remained profitable to mine at home. I suppose with some clever routing, an ISP could piggyback on customer IPs so long as the customer on the IP isn’t also mining that coin.

  3. What really surprises me is the modularity. The cellular side has a Snapdragon 855, which is more than hefty enough to run an access point on the application processor, whilst doing 5G cellular on its integrated baseband processor.

    Which probably means that the primary motivation behind the modular design was either reuse of the cellular part (maybe that goes into other, more isolated, applications?), or an incredible time-to-market pressure, where porting the firmware running on the AP side to the Snapdragon failed for some unknown reason and a decision was made to rather ship extra hardware instead of getting the software to run.

    Would love to hear from the dev team :)

  4. if people would finally realise, that 5GNR is nothing but +10% spectral efficiency over LTE/A, that’d be fine. the ‘massive available bandwidth’ comes from the vastly more spectrum available for this purpose. the best example is the low-to-mid bands, where an operator might have 20-30MHz continuous spectrum and poor folks were expecting gigabits, so basically a 10-fold increase in bw – LOL.

    nevertheless, from the usability and financial point of view, a self backhauled 5G network running on licensed 5G bands is a suicide. 5G spectrum is overly expensive, and an operator must be able to cash in from its subscribers as much as possible to stay afloat – and people don’t seem to pay top $ for 5G, even the idea of trying to sell it as a ‘premium service’ is ridiculous. it’s essentially basic connectivity. Ericsson was touting this idea some years ago, and it was beyond stupid then and honestly not much changed. all the mobile vendors imagine the future with 3GPP-only technology. hell, they even wanted to use the 5GHz band (currently used for WiFi5 and WiFi6) for cellular…

    1. Hm, not agreeing here: the new frequencies are more than just a bandwidth extension.

      The move to the mmWave bands brings not only more available bandwidth (at the cost of drastically lower amplifier efficiency), it also brings drastically reduced antenna sizes, and closer-to-optical propagation properties.

      This is what you need to make use of massive MIMO: device-sized antenna arrays of ca 12 or more antennas, and spatial diversity. You get 10× the bandwidth, yes, but you can also use that bandwidth a lot of times over in a dense urban or indoor scenario.

      So, what that means is that unlike on the “classical” sub-6 GHz frequencies, where you couldn’t do backhaul in-band without taking available bandwidth away from the subscribers you’re serving, these new bands allow for a useful amount of spatial beams (through MIMO). That means that you can use the same RF system for access and access network – meaning that suddenly you can actually do cells in every room (together with the spectrum coordination that came with current releases).

      In result, this actually allows for the network densification and indoor access that the MNOs want to sell.

      So, I do see the advantage.

  5. I’m not sad that 5G deployment has been stunted by conspiracies because at least in the US they don’t provide sufficient data caps to make it useful in any meaningful way. Since it’s bogged down by patents out the wazoo by an obscene number of companies, making anything 5G is impossible without all their blessings which means paying a lot of money.

    1. Could you pinpoint how the patent situation is in any way different than it was for 3G? I mean, the standardization group is called 3gpp for a reason, and it’s the same intellectual property-driven companies.

  6. I totally get why there would be conspiracy theories. I’m an EE and even with the current gen I find the transmit power to be a bit excessive to hold against your head for more than a minute or 2. I was overseeing emc testing once and I even asked the owner of the lab if he holds his cellphone up to his head, and he said definitely no.

  7. >5G cellular networks offer the promise of ultra-fast Internet access anywhere within their range.

    Which is also line-of-sight only due to signal period used. In other words useless in places like Norway where there are mountains and forests because you’d need aerial on every forest. I wish LTE wasn’t obsolete’d.

  8. So, how about a teardown of T-Mobile’s 5G Home Internet Gateway? For $50 a month I get 100 to 200 megabit download and 20 to 40 megabit upload speeds. That’s with one over half the signal strength bars. Blows away the DSL it replaced.

    Some have taken these apart to connect external antennas to use in low signal strength areas. It has four antenna connectors inside, same type as used on laptop wireless cards. It also has GPS though why it needs that for a device that (ideally) should never move…

    It even has a backup battery, but it’s not enough to keep the cellular or Ethernet or WiFi going. It’s mainly to preserve settings and so that customers can try it in various places to find where the best signal strength is without having to get out a long extension cord or plug it in here and there, repeatedly waiting for it to boot.

    The downside? For some reason they chose to give it a fixed local IP of 192.168.12.1. Can’t change it. So one must either redo all the IP addresses on their LAN or daisy chain a router off it that can bridge ALL types of network traffic. I have one that seamlessly bridges all internet traffic between two private IP ranges but for anything purely LAN it’s an effing brick wall through which there’s no way to punch a hole. Everything on 192.168.0.x is kept completely out of touch with anything on the 192.168.12.x side – unless the thing on the 192.168.0.x is requesting data from or sending to the internet. That data it happily passes through to the T-Mobile.

    So I set up a nice thrift store not-ISP-branded Netgear AC1450 with open source firmware as a WiFi extender and crammed a 12 into all my IP addresses so it’d work.

    T-Mobile needs to get a clue that fixing their device to one IP like that is like putting a “Protected by ADT Alarm System” sign in your front yard. Any hacker finds that IP and they know what they’re dealing with, should there be any exploits for it.

  9. A comment on the disassembly. There is about 0.0% chance for the heatsinks being stuck on with thermal epoxy. It’s unneeded and expensive. The heatsinks are mounted with thermal “gap pads” – they are slightly sticky so there’s a good amount of stiction. Peeling slowly and letting air get in under the stuff helps it let go. Heating the heatsink in advance helps as well.

    1. Which conspiracies is the author talking about? Interaction with vaccines is obviously baloney, but the fine-grained location data is baked-in to 5G (otherwise it wouldn’t work.) Based on the behaviour of every telco over the last few decades, I find it hard to believe that this location info won’t be (mis)used so the telcos can make more money. Whether by advertising, tracking or something else, if there’s a buck to be made, the telcos will whore it out with zero consideration for their users.
