2G Or Not 2G, That Is The Question

Since the very early 1990s, we have become used to ubiquitous digital mobile phone coverage for both voice and data. Such has been their success that they have for many users entirely supplanted the landline phone, and increasingly their voice functionality has become secondary to their provision of an always-on internet connection. With the 5G connections that are now the pinnacle of mobile connectivity we’re on the fourth generation of digital networks, the earlier so-called “1G” networks having used an analogue connection. As consumers have migrated over time to the newer and faster mobile network standards, usage of the older versions has reduced to the point at which carriers are starting to turn them off. Those 2G networks from the 1990s and the 2000s-era 3G networks which supplanted them are now expensive to maintain, consuming energy and RF spectrum as they do, while generating precious little customer revenue.

Tech From When Any Phone That Wasn’t A Brick Was Cool

A 1990s Motorola phone
If this is your phone, you may be in trouble. Digitalsignal, CC BY-SA 3.0.

All this sounds like a natural progression of technology which might raise few concerns, in the same way that nobody really noticed the final demise of the old analogue systems. There should be little fuss at the 2G and 3G turn-off. But the success of these networks seems to in this case be their undoing, as despite their shutdown being on the cards now for years, there remain many devices still using them.

There can’t be many consumers still using an early-2000s Motorola Flip as their daily driver, but the proliferation of remotely connected IoT devices means that there are still many millions of 2G and 3G modems using those networks. This presents a major problem for network operators, utilities, and other industrial customers, and raises one or two questions here at Hackaday which we’re wondering whether our readers could shed some light on. Who is still using, or trying to use, 2G and 3G networks, why do they have to be turned off in the first place, and what if any alternatives are there when no 4G or 5G coverage is available?

Basics Of Remote Cellular Access: Connecting Via VPN

You’ve got a machine hooked up to the Internet via a shiny new cellular modem, which you plan to administer remotely. You do a quick check on the external IP, and try and log in from another PC. Try as you might, SSH simply won’t connect. What gives?

The reality of the modern internet is that most clients no longer get their own unique IPv4 address. There simply aren’t enough to go around anymore. Instead, most telecommunications operators use Carrier Grade Network Address Translation which allows a single external address to be shared by many customers. This can get in the way of direct connection attempts from the outside world. Even if that’s not the case, most cellular operators tend to block inbound connections by default. However, there is a way around this quandary – using a VPN.

Basics Of Remote Cellular Access – Choosing A Modem

These days, we’re blessed with cellular data networks that span great swathes of the Earth. By and large, they’re used to watch TV shows and argue with strangers online. However, they’re also a great tool to use to interact with hardware in remote locations, particularly mobile ones where a wired connection is impractical.

In this series, we’re taking a look at tips and tricks for doing remote cellular admin the right way. First things first, you’ll need a data connection – so let’s look at choosing a modem.

Options Abound

When shopping around for cellular data modems, it can be difficult to wade through the variety of options out there and find something fit for purpose. Modems in this space are often marketed for very specific use cases; at the consumer level, many are designed to be a no-fuss home broadband solution, while in the commercial space, they’re aimed primarily to provide free WiFi for restaurants and cafes. For use in remote admin, the presence of certain features can be critical, so it pays to do your research before spending your hard earned money. We’ve laid out some of the common options below.

Consumer Models

The Sierra Aircard 320U is ancient now, with limited frequency bands available. Its flimsy flexible connector is also a drawback. However, its ease of configuration with Linux systems makes it a dream to use in remote access situations. Unlike many others, it acts as a Direct IP connection, not appearing as a separate router.

Many telecommunications providers around the world sell cheap USB dongles for connecting to the Internet, with these first becoming popular with the rise of 3G. They’re somewhat less common now in the 5G era, with the market shifting more towards WiFi-enabled devices that share internet among several users. These devices can often be had for under $50, and used on prepaid and contract data plans.

These devices are often the first stop for the budding enthusiast building a project that needs remote admin over the cellular network. However, they come with certain caveats that can make them less attractive for this use. Aimed at home users, they are often heavily locked down with firmware that provides minimal configuration options. They’re generally unable to be set up for port forwarding, even if you can convince your telco to give you a real IP instead of carrier-grade NAT. Worse, many appear to the host computer as a router themselves, adding another layer of NAT that can further complicate things. Perhaps most frustratingly, with these telco-delivered modems, the model number printed on the box is often not a great guide as to what you’re getting.

A perfect example is the Huawei E8327. This comes in a huge number of sub-models, with various versions of the modem operating in different routing modes, on different bands, and some even omitting major features like external antenna connectors. Often, it’s impossible to know exactly what features the device has until you open the box and strip the cover off, at which point you’re unable to return the device for your money back.

All is not lost, however. The use of VPNs can help get around NAT issues, and for the more adventurous, some models even have custom firmware available on the deeper, darker forums on the web. For the truly cash strapped, they’re a viable option for those willing to deal with the inevitable headaches. There are generally some modems that stand out over others in this space for configurability and ease of use. This writer has had great success with a now-aging Sierra Aircard 320U, while others have found luck with the Huawei E3372-607. As per earlier warnings though, you don’t want to accidentally end up with an E3372-608 – thar be dragons.
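The NAT layers described in this article and in the VPN article above (carrier-grade NAT, plus modems that present themselves to the host as a router) can be told apart from the addresses alone. This is an added example, not code from the original articles; the function names are hypothetical, and the 203.0.113.x and 198.51.100.x addresses are documentation addresses standing in for real public ones.

```python
import ipaddress

# Address blocks that signal a NAT layer between the host and the internet.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space for carrier-grade NAT
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def nat_layers(interface_ip, observed_ip):
    """List the NAT layers implied by two addresses.

    interface_ip: address the modem assigned to this host's interface.
    observed_ip:  address a remote server saw the host connect from.
    """
    iface = ipaddress.ip_address(interface_ip)
    seen = ipaddress.ip_address(observed_ip)
    layers = []
    if any(iface in net for net in RFC1918):
        # Private address on the host: the modem is acting as a router,
        # or the carrier numbers its subscribers from private space.
        layers.append("private-address NAT (modem router or carrier)")
    if iface in CGNAT:
        layers.append("carrier-grade NAT")
    if not layers and iface != seen:
        # Public-looking address that the outside world never sees.
        layers.append("address translation upstream of the modem")
    return layers


def direct_inbound_plausible(interface_ip, observed_ip):
    """True only when no NAT layer was found. The operator may still block
    inbound connections by default, so this is necessary, not sufficient."""
    return not nat_layers(interface_ip, observed_ip)


if __name__ == "__main__":
    # Constructed sample readings: (interface address, externally observed address).
    samples = [("192.168.8.100", "203.0.113.7"),   # dongle acting as a router
               ("100.72.14.9", "203.0.113.7"),     # carrier-grade NAT
               ("203.0.113.7", "203.0.113.7")]     # Direct IP with a real address
    for iface, seen in samples:
        print(iface, seen, nat_layers(iface, seen) or "no NAT detected")
```

Any non-empty result means an outbound tunnel such as the VPN mentioned above is needed before SSH can reach the machine.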


Simplify Your Life With This Pocket Rotary Cellphone

With its constant siren song of distraction and endless opportunity for dopamine hits, a smartphone can cause more problems than it solves. The simple solution would be a no-nonsense flip phone, but that offers zero points for style. So why not build your own rotary dial pocket cellphone?

Of course, what style points accrue to [Justine Haupt] take a hit in terms of practicality, but that was never really the point of this build. And even then, the phone appears to be surprisingly useful. It’s based on the rotary dial from a Trimline phone, which itself was an epic hack back in 1965 when it was introduced. The 3D-printed case contains an ATmega2560V microcontroller and an Adafruit FONA 3G cell module, while a flexible mono eInk display adorns the outside. Some buttons, a folding SMA antenna, and some LEDs for signal strength and battery level complete the build, which easily slips into a pocket. The dial can be used not only to dial the phone but to control the speaker volume; in practice, [Justine] mainly uses the speed dial buttons to make calls, though.

We’ve seen rotary phones converted to cell before, but this one is a next-level integration of the retro and the modern. It’s simple, intuitive, and distraction-free, and best of all, it’s a great excuse not to return a text.

Thanks to [J. Peterson] for the tip.

36C3: SIM Card Technology From A To Z

SIM cards are all around us, and with the continuing growth of the Internet of Things, spawning technologies like NB-IoT, this might as well be very literal soon. But what do we really know about them, their internal structure, and their communication protocols? And by extension, their security? To shine some light on these questions, open source and mobile device titan [LaForge] gave an introductory talk about SIM card technologies at the 36C3 in Leipzig, Germany.

Starting with a brief history lesson on the early days of cellular networks based on the German C-Netz, and the origin of the SIM card itself, [LaForge] goes through the main specification and technology parts of each following generation from 2G to 5G. Covering the physical basics, I/O interfaces, communication protocols, and the file system located on the SIM card, you’ll get the answer to “what on Earth is PIN2 for?” along the way.

Of course, a talk like this, at a CCC event, wouldn’t be complete without a deep and critical look at the security side as well. Considering how over-the-air updates to both the software and, thanks to cards mostly running Java nowadays, the feature side are more and more common, there certainly is something to look at.


5G Cellphone’s Location Privacy Broken Before It’s Even Implemented

Although hard to believe in the age of cheap IMSI-catchers, “subscriber location privacy” is supposed to be protected by mobile phone protocols. The Authentication and Key Agreement (AKA) protocol provides location privacy for 3G, 4G, and 5G connections, and it’s been broken at a basic enough level that three successive generations of a technology have had some of their secrets laid bare in one fell swoop.

When 3G was developed, long ago now, spoofing cell towers was expensive and difficult enough that the phone’s International Mobile Subscriber Identity (IMSI) was transmitted unencrypted. For 5G, a more secure version is used, based on asymmetric encryption and a challenge-response protocol that uses sequential numbers (SQNs) to prevent replay attacks. This hack against the AKA protocol sidesteps the IMSI, which remains encrypted and secure under 5G, and tracks you using the SQN.

The vulnerability exploits the AKA’s use of XOR to learn something about the SQN by repeating a challenge. Since the SQNs increment by one each time you use the phone, the authors can assume that if they see an SQN higher than a previous one by a reasonable number when you re-attach to their rogue cell tower, it’s the same phone again. Since the SQNs are 48-bit numbers, their guess is very likely to be correct. What’s more, the difference in the SQN will reveal something about your phone usage while you’re away from the evil cell.
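Why XOR masking fails when a challenge is repeated, shown on a toy model (an added example, not code from the article or the researchers). It assumes the counter is hidden as SQN XOR a mask derived from the subscriber key and the challenge, with HMAC-SHA256 standing in for the operator's real derivation function; the key, challenges and SQN values are constructed.

```python
import hashlib
import hmac

SQN_BYTES = 6  # the article states SQNs are 48-bit numbers


def mask(key, challenge):
    """Mask derived from the secret key and the challenge only.
    Assumption: HMAC-SHA256 truncated to 48 bits replaces the real function."""
    digest = hmac.new(key, challenge, hashlib.sha256).digest()
    return int.from_bytes(digest[:SQN_BYTES], "big")


def conceal(key, challenge, sqn):
    """What goes over the air in this model: the SQN XORed with the mask."""
    return sqn ^ mask(key, challenge)


def observer_view(resp_a, resp_b):
    """An observer without the key can still XOR two captured responses."""
    return resp_a ^ resp_b


def demo():
    key = bytes(range(16))              # constructed subscriber key
    chal_1, chal_2 = b"\x11" * 16, b"\x22" * 16
    sqn_first = 0x00000000A3F0          # constructed counter value
    sqn_later = sqn_first + 9           # nine authentications later

    # Same challenge both times: identical masks cancel, the key drops out.
    replayed = observer_view(conceal(key, chal_1, sqn_first),
                             conceal(key, chal_1, sqn_later))
    # Fresh challenge each time: the masks differ and nothing cancels.
    fresh = observer_view(conceal(key, chal_1, sqn_first),
                          conceal(key, chal_2, sqn_later))
    return replayed, sqn_first ^ sqn_later, fresh


if __name__ == "__main__":
    replayed, true_xor, fresh = demo()
    print(f"replayed challenge leaks SQN1^SQN2 = {replayed:#x} (true {true_xor:#x})")
    print(f"fresh challenges give noise        = {fresh:#014x}")
```

Because the counter only moved a few steps, the leaked XOR touches only the low bits, which is what makes the "same phone again" inference in the paragraph above reliable.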

A sign of the times, the authors propose that this exploit could be used by repressive governments to track journalists, or by advertisers to better target ads. Which of these two dystopian nightmares is worse is left as comment fodder. Either way, it looks like 5G networks aren’t going to provide the location privacy that they promise.

Via [The Register]

Header image: MOs810 [CC BY-SA 4.0].

Creating A 3G Raspberry Pi Smartphone

It’s hard to believe, but the Raspberry Pi has now been around long enough that some of the earliest Pi projects could nearly be considered bona fide vintage hacks at this point. A perfect example is some of the DIY Raspberry Pi smartphone projects that sprang up a few years back. Few of them were terribly practical to begin with, but even if you ignore the performance issues and bulkiness, the bigger problem is they relied on software and cellular hardware that simply isn’t going to cut it today.

Which was exactly the problem [Dylan Radcliffe] ran into when he wanted to create his own Pi smartphone. There was prior art to use as a guide, but the ones he found were limited to 2G cellular networks which no longer exist in his corner of the globe. He’s now taken on the quest to develop his own 3G-capable Pi smartphone, and his early results are looking very promising.

Inside the phone, which he calls the rCrumbl, [Dylan] has crammed a considerable amount of hardware. A Raspberry Pi 3B+ with attached Adafruit touchscreen LCD is the star of the show, but there’s also a Pi camera module, battery charging circuit, and Adafruit FONA 3G modem (which also provides GPS). Powering the device is a 2500 mAh 3.7V battery, which reportedly delivers a respectable 8 to 12 hour runtime.

The case is 3D printed, and [Dylan] says it took a long time to nail down a design that would fit all of his hardware, keep things from shifting around, and still be reasonably slim. Obviously DIY phones like this are never going to be as slim as even the chunkiest of modern smartphones, but the rCrumbl looks fairly reasonable for a portable device. We especially like the row of physical buttons he’s included along the bottom of the screen, which should help with the device’s usability.

Speaking of usability, that’s where [Dylan] still has his work cut out for him. The existing software he’s found won’t work on 3G, so he’s going to have to come up with his own software stack to provide a proper phone interface. As it stands he’s made a call on the rCrumbl using command line tools, but while that might score you some extra geek points at the next hacker meetup, it’s not exactly going to fly for daily use. He mentions he would love to talk to any developers out there that would like to team up on the software side of the project.

We’ve covered one of the 2G Pi smartphones in the past, and of course the ZeroPhone is a very interesting project if you don’t mind the “dumb phone” interface. But if you’re looking for something that’s fairly close to commercial devices in terms of usability, you might just want to roll your own Android phone.