LTE

20 Articles

Review: New 3G And Cat-M1 Cellular Hardware From Hologram

October 5, 2017 by 31 Comments

In July we reported on the launch of the Hologram developer program that offered a free SIM card and a small amount of monthly cellular data for those who wanted to build connectivity into their prototypes. Today, Hologram has launched some new hardware to go along with that program.

Nova is a cellular modem in a USB thumb drive form factor. It ships in a little box with a PCB that hosts the u-blox cellular module, two different antennas, a plastic enclosure, and a SIM card. The product is aimed at those building connected devices around single-board computers, making it easy to plug Nova in and get connected quickly.

This device that Hologram sent me is a 3G modem. They have something like 1,000 of them available to ship starting today, but what I find really exciting is that there is another flavor of Nova that looks the same but hosts a Cat-M1 version of the u-blox module. This is a Low Power Wide Area Network technology built on the LTE network. We’ve seen 2G and 3G modems available for some time now, but if go that route you’re building a product around a network which has an end-of-life concern.

Cat-M1 will be around for much longer and it is designed to be low power and utilizes a narrower bandwidth for less radio-on time. I asked Hologram for some power comparison estimates between the two technologies:

AVERAGE current consumption comparisons:

Cat-M1: as low as 100 mA while transmitting and never more than 190 mA
Equivalent 3G: as high as 680 mA while transmitting

PEAK current consumption comparisons (these are typically filtered through capacitors so the power supply doesn’t ever witness these values, and they are only momentary):

Cat-M1: Less than 490 mA
Equivalent 3G: As high as 1550 mA

This is an exciting development because we haven’t yet seen LTE radios available for devices — of course there are hotspots but those are certainly not optimized for low power or inclusion in a product. But if you know your ESP8266 WiFi specs you know that those figures above put Cat-M1 on a similar power budget and in the realm of battery-operated devices.

The Cat-M1 Nova can be ordered beginning today, should ship in limited quantities within weeks, with wider availability by the end of the year. If you can’t get one in the first wave, the 3G Nova is a direct stand-in from the software side of things.

I suspect we’ll see a lot of interest in Cat-M1 technology moving forward simply because of the the technology promises lower power and longer support. (I’m trying to avoid using the term IoT… oops, there it is.) For today, let’s take a look at the 3G version of the new hardware and the service that supports it.

Continue reading “Review: New 3G And Cat-M1 Cellular Hardware From Hologram”

Hologram.io Offers Developers Free Cell Data

July 25, 2017 by 68 Comments

If you’ve been thinking of adding cellular connectivity to a build, here’s a way to try out a new service for free. Hologram.io has just announced a Developer Plan that will give you 1 megabyte of cellular data per month. The company also offers hardware to use with the SIM, but they bill themselves as hardware agnostic. Hologram is about providing a SIM card and the API necessary to use it with the hardware of your choice: any 2G, 3G, 4G, or LTE devices will work with the service.

At 1 MB/month it’s obvious that this is aimed at the burgeoning ranks of Internet of Things developers. If you’re sipping data from a sensor and phoning it home, this will connect you in 200 countries over about 600 networks. We tried to nail them down on exactly which networks but they didn’t take the bait. Apparently any major network in the US should be available through the plan. And they’ve assured us that since this program is aimed at developers, they’re more than happy to field your questions as to which areas you will have service for your specific application.

The catch? The first taste is always free. For additional SIM cards, you’ll have to pay their normal rates. But it’s hard to argue with one free megabyte of cell data every month.

Hologram originally started with a successful Kickstarter campaign under the name Konekt Dash but has since been rebranded while sticking to their cellular-connectivity mission. We always like getting free stuff — like the developer program announced today — but it’s also interesting to see that Hologram is keeping up with the times and has LTE networks available in their service, for which you’ll need an LTE radio of course.

LTE IMSI Catcher

May 30, 2017 by 18 Comments

GSM IMSI catchers preyed on a cryptographic misstep in the GSM protocol. But we have LTE now, why worry? No one has an LTE IMSI catcher, right? Wrong. [Domi] is here with a software-defined base transceiver station that will catch your IMSI faster than you can say “stingray” (YouTube video, embedded below).

First of all, what is an IMSI? IMSI stands for International Mobile Subscriber Identity. If an IMEI (International Mobile Equipment Identity) is your license plate, your IMSI would be your driver’s license. The IMEI is specific to the phone. Your IMSI is used to identify you, allowing phone companies to verify your origin country and mobile network subscription.

Now, with terminology in tow, how does [Domi] steal your IMSI? Four words: Tracking Area Update Request. When a phone on an LTE network received a tracking area request, the LTE protocol mandates that the phone deletes all of its authentication information before it can reconnect to a base station. With authentication out of the way [Domi] spoofs a tower, waits for phones to connect, requests the phone’s IMSI and then rejects the phones authentication request, all under the nose of the phone’s user.

Now, before you don your tinfoil hat, allow us to suggest something more effective. Need more cell phone related hacks? We’ve got your back.

Continue reading “LTE IMSI Catcher”

33C3: Dissecting 3G/4G Phone Modems

February 20, 2017 by 21 Comments

[LaForge] and [Holger] have been hacking around on cell phones for quite a while now, and this led to them working on the open cellphone at OpenMoko and developing the OsmocomBB GSM SDR software. Now, they are turning their sights on 3G and 4G modems, mostly because they would like to use them inside their own devices, but would also like to make them accessible to the broader hacker community. In this talk at the 33rd Chaos Communications Congress (33C3), they discuss their progress in making this darkest part of the modern smartphone useful for the rest of us.

This talk isn’t about the plug-and-play usage of a modern cell-phone modem, though, it’s about reprogramming it. They pick a Qualcomm chipset because it has a useful DIAG protocol, and in particular choose the Quectel EC20 modem that’s used in the iPhone5, because it makes the DIAG stream easily available.

Our story begins with a firmware upgrade from the manufacturer. They unzipped the files, and were pleasantly surprised to find that it’s actually running Linux, undocumented and without the source code being available. Now, [LaForge] just happens to be the founder of gpl-violations.org and knows a thing or two about getting code from vendors who use Linux without following the terms and conditions. The legal story is long and convoluted, and still ongoing, but they got a lot of code from Quectel, and it looks like they’re trying to make good.

Qualcomm, on the other hand, makes the Linux kernel source code available, if not documented. (This is the source on which Quectel’s code is based.) [LaForge] took over the task of documenting it, and then developing some tools for it — there is more going on than we can cover. All of the results of their work are available on the wiki site, if you’re getting ready to dig in.

Continue reading “33C3: Dissecting 3G/4G Phone Modems”

Solving ISP Problem With A Homebrew LTE Yagi

May 13, 2016 by 33 Comments

We’ve heard reports that internet connectivity in Australia can be an iffy proposition, and [deandob] seems to back that up. At the limit of a decent DSL connection and on the fringe of LTE, [deandob] decided to optimize the wireless connection with this homebrew Yagi antenna.

Officially known as the Yagi-Uda after its two Japanese inventors from the 1920s, but generally shortened to the name of its less involved but quicker to patent inventor, the Yagi is an antenna that provides high gain in one direction. That a homebrew antenna was even necessary at all is due to [deandob]’s ISP using the 2300MHz band rather than the more popular 2400MHz – plenty of cheap 2.4GHz antennas out there, but not so much with 2.3GHz. With multiple parallel and precisely sized and spaced parasitic elements, a Yagi can be a complicated design, but luckily for [deandob] the ham radio community has a good selection of Yagi design tools available. His final design uses an aluminum rod for a boom, 2mm steel wire for reflectors and directors, and a length of coax as the driven element. The result? Better connectivity that pushes his ISP throttling limit, and no more need to mount the modem high enough in his house to use the internal antenna.

People on the fringes of internet coverage go to great lengths to get connections, like this off-grid network bridge. Or if you’d rather use a homebrew Yagi to listen to meteors, that’s possible too.

A Field Guide To The North American Communications Tower

April 5, 2016 by 97 Comments

The need for clear and reliable communication has driven technology forward for centuries. The longer communication’s reach, the smaller the world becomes. When it comes to cell phones, seamless network coverage and low power draw are the ideals that continually spawn R&D and the eventual deployment of new equipment.

Almost all of us carry a cell phone these days. It takes a lot of infrastructure to support them, whether or not we use them as phones. The most recognizable part of that infrastructure is the communications tower. But what do you know about them?

Continue reading “A Field Guide To The North American Communications Tower”