
Tuesday, September 24, 2024

Detection of Real-world Fake Base Station (FBS) Attacks in Thailand

It's been a while since we created our security tutorial, back in 2018. One of the items we discussed there was fake cell towers, or fake base stations. The issues highlighted there still exist, as highlighted by AIS CISO Pepijn Kok at The Telecom Threat Intelligence Summit (TTIS) 2024.

The cyber threat actors exploited GSM authentication vulnerabilities to use fake base stations as part of SMS phishing attacks to steal from real bank accounts. In his talk Pepijn explains how AIS worked with ecosystem partners in Thailand to detect and block these attacks.

The talk described two case studies. The first one was a report from Dec 2022 where certain bank customers and online retail platform users were receiving SMS messages masquerading as the bank or online platform itself (something not typically possible). The messages contained links to malicious content. The second one is a recent case from April 2024 where AIS customers started receiving fake SMS with malicious links. It was obvious in that case that the SMS did not come from the AIS network, which triggered AIS to start investigating as they were sure there was a fake base station in operation. The talk describes how in both scenarios the gangs were caught.

The talk is embedded below:

You can learn more about TTIS here. The video of all the talks from day 1 is here and day 2 is here.


Friday, June 7, 2024

Attack Surfaces for Different Generations of Mobile Technologies

At DEF CON 31 last year, Tracy Mosley, Vulnerability Researcher at Trenchant presented a talk titled "Nothin’ but a G Thang - The Evolution of Cellular Networks" (background of title). The abstract of the talk says:

In this talk we will walk through each step of cellular evolution, starting at 2G and ending at 5G. The never-ending attack and defend paradigm will be clearly laid out. In order to understand the attack surface, I’ll cover network topology and protocol. For each cellular generation, I will explain known vulnerabilities and some interesting attacks. In response to those vulnerabilities, mitigations for the subsequent cellular generation are put in place. But as we all know, new mitigations mean new opportunities for attackers to get creative. While I will explain most cellular-specific terminology, a familiarity with security concepts will help to better understand this talk. Basic foundations of communications systems, information theory or RF definitely make this talk more enjoyable, but are absolutely not necessary. It’s a dense topic that is highly applicable to those working on anything that touches the cellular network!

The talk is embedded below:

The presentation can be downloaded from here.


Friday, October 13, 2023

The Digital Railway supported by FRMCS

As discussed in our earlier post, the long-standing 2G cellular standard for rail communication, known as the Global System for Mobile Communications–Railway (GSM–R), remains in use across Europe, China, India, Africa, and Australia. However, software and hardware vendors predict that this early digital cellular technology will start to be phased out in 2025, as a new 5G-based system specifically for railway applications is expected to be introduced.

According to the European Union Agency for Railways (ERA), GSM–R supports communication between train drivers and traffic control centres with features such as group communication, location-dependent addressing, priority levels, railway emergency calls, and shunting communication. This system enables data transmission between trains and control centres at speeds exceeding 300 mph.

Yet, GSM–R is beginning to show its age. While it is adequate for basic voice communication, its 4 MHz bandwidth, which supports multiple 200 kHz channels, limits its functionality. Downlink communications use the 876–880 MHz range, while the uplink operates at 921–925 MHz.

The maximum data transmission rate for GSM–R is just 9.6 kbit/s, making it unsuitable for real-time data communication. Its capabilities are essentially limited to sending SMS text messages, with little capacity for anything more advanced.

The Future Railway Mobile Communication System (FRMCS), a 5G-based successor to GSM–R, will provide both voice and data services for railway communications. The FRMCS project is being led by the International Union of Railways (UIC) in collaboration with major rail infrastructure companies and telecom solution providers. It is set to be based on the 5G 3GPP standard, meaning it will not require a railway-specific cellular network technology.

FRMCS, which will use the standalone 5G NR specification, is expected to be finalised by the end of 2022. This new standard will operate on harmonised frequencies at 900 MHz and 1900 MHz to ensure interoperability for rail command and control systems as they transition from GSM–R to FRMCS.

Mobile network operators will also be able to offer 5G connectivity for train passengers, collaborating with railway companies to provide the high-bandwidth digital services needed to streamline modern train operations.

Currently, many rail operators offer Wi-Fi onboard or install repeaters to enhance mobile network coverage within carriages. However, these solutions can be costly to maintain and upgrade, and repeated signals can cause interference when train doors open. An alternative solution is for public mobile operators to provide passenger connectivity through their existing 5G networks, with additional 5G towers placed along major rail lines.

To improve 5G signal penetration, train windows can be fitted with special “5G-friendly” glass, which allows signals to pass through more easily (standard window glass is often coated to reduce solar radiation inside the carriage). This approach reduces the need for expensive Wi-Fi and repeater systems, enabling mobile operators to deliver high-speed broadband services to passengers more efficiently.

In their webinar last year, Wray Castle stated that FRMCS is not simply a replacement for GSM-R nor is it a single specific technology. In fact, UIC have stated that FRMCS is technology agnostic. The webinar discussed:

  • What is FRMCS and how does it differ from GSM-R?
  • How soon will railways be replacing GSM-R?
  • Is there a migration strategy?
  • Do we have sufficient radio spectrum?
  • What is the most probable technology that will be used?

The video of that is embedded below:

Wray Castle also conducts regular courses on this topic. Details here.


Monday, June 6, 2022

2G/3G Shutdown may Cost Lives as 4G/5G Voice Roaming is a Mess

You have probably heard me complaining about the pace of VoLTE rollout, 2G/3G shutdowns, 4G Voice roaming, etc. This post highlights all these issues coming together in a dangerous way. People often ask me why it is always just me highlighting the issues. The answer is that there are other people but their voice may not reach you. In this post, I am highlighting presentations by Rudolf van der Berg, Project and programme manager at Stratix Consulting.

Let's start with Rudolf's post from LinkedIn:

Stop the shutdown of 2G and 3G networks to save lives. This is the urgent call I make today and I hope you can help me spread it! Please call on people you know in politics, regulators and emergency services to demand a stop! Call on anyone you know in the GSMA, 3GPP, handset makers (Apple, Samsung, Qualcomm, MediaTek), network builders (Ericsson, Nokia, Huawei) to re-engineer VoLTE to an interoperable standard.

Emergency calls (112, 911) should work anywhere in the world on any phone. For GSM and 3G voice calling it did. You could fly anywhere and call emergency services and in the EU we have the roaming regulation that demands calling like at home. Voice over 4G and 5G hasn't been properly standardized and isn't interoperable between networks, devices, chipsets and firmware. People need to be able to make and receive telephone calls around the world, to each other and to emergency services. Unfortunately even according to sector itself emergency services are at risk from VoLTE. A consumer today can't know whether a phone they bought will make VoLTE calls at home or abroad, nor whether it can reach emergency services. That can't be right!

So please help EENA 112 and me share this message! Thank you #eena2022 (Slide 4 contains a mistake, T-Mo USA hasn't decided on 2G shutdown yet. that is good for availability of 911, though fundamental point remains. Apologies.)

The video and slides are embedded below:

The slides contain many useful references and links, you can download directly from here.

Back in April, iBASIS hosted a VoLTE and 5G Roaming Roundtable. You can watch the video here and download the presentation and whitepaper as well. It contains talks from Kaleido Intelligence, iBASIS, KPN, Bouygues Telecom and Telus. 

The slide from Dutch MNO KPN above highlights the VoLTE Roaming issues they are observing. Other operators will face this issue sooner or later as well. 

The regulators, GSMA and 3GPP have to come together to fix this important issue once and for all so no lives are lost because of this. Hopefully someone is listening!


Monday, May 9, 2022

Transitioning from eCall to NG-eCall and the Legacy Problem

eCall (an abbreviation of "emergency call") is an initiative by the European Union, intended to bring rapid assistance to motorists involved in a collision anywhere within the European Union. The aim is for all new cars to incorporate a system that automatically contacts the emergency services in the event of a serious accident, sending location and sensor information. eCall was made mandatory in all new cars sold within the European Union as of April 2018.

In the UK, National Highways has a fantastic summary of the eCall feature here. The following video explains how this feature works:

Last year, ETSI hosted the Next Generation (NG) eCall webinar and Plugtests. The presentations from the event are available here. The presentations from GSMA, Qualcomm and Iskratel have a fantastic summary of many of the issues and challenges with eCall and transitioning to NG eCall.

From the Qualcomm presentation:

The eCall standardisation began in 2004 when 2G networks were prevalent and 3G was being deployed. The chosen solution was in-band modem and Circuit Switched (CS) 112 call. The in-band modem was optimised for GSM (2G) and UMTS (3G) as the standard completed in 2008.

eCall for 4G (NG eCall) standardisation was started in 2013 and completed in 2017. As there is no CS domain in 4G/5G, IMS emergency calling will replace circuit switched emergency call. Next generation (NG) eCall provides an extension to IMS emergency calls and support for 5G (NR) has since been added.

The picture above from GSMA presentation highlights the magnitude of the problem if NG eCall deployment is delayed. GSMA is keen for the mobile operators to switch off their 2G/3G networks and only keep 4G/5G. There are problems with this approach as many users and services may be left without connectivity. Fortunately the European operators and countries are leaving at least one previous generation of technology operational for the foreseeable future.

GSMA's presentation recommends the following:

  • New technology neutral eCall Regulation (type approval and related acts) to be amended, adopted by European Commission and enter into force by end 2022 the latest.
  • OEMs to start installing NG eCall/remotely programmable/exchangeable modules by end 2022; by end 2024 all new vehicles sold in the market should be NG eCall only
  • New vehicle categories to start with NG eCall only by 2024
  • MNOs have initiated to phase out 2G/3G between 2020 and 2025, whereas the optimal transition path of their choice beyond this date will depend on market and technology specifics, and may require alignment with NRAs.
  • By 2022, the industry will develop solutions for the transition period that need to be implemented country by country, which will also assess the amount of needed public funding to be economically feasible.
  • Retrofitting to be acknowledged, completed and formalised as a process by end 2024; standards should already be available in 2022.
  • Aftermarket eCall solution to be completed (including testing) and formalised by end 2024; standards should already be available in 2022.
  • The European Commission to make available public funding to support OEMs and alternative solutions to legacy networks starting from 2022, under the RRF/recovery package (or other relevant instruments)
  • Legacy networks availability until 2030 at the latest. By then deployment of all alternative solutions simultaneously would have ensured that the remaining legacy fleet will continue to have access to emergency services through NG eCall.

EENA, the European Emergency Number Association, is a non-governmental organisation whose mission is to contribute to improving people’s safety & security. One of the sessions at the EENA 2021 Conference was on eCall. The video from that is embedded below and all information including agenda and presentations are available here.


Monday, March 7, 2022

GSMA Releases Mobile Economy Report 2022

The GSMA Mobile Economy report series provides the latest insights on the state of the mobile industry worldwide. Produced by GSMA's in-house research team, GSMA Intelligence, these reports contain a range of technology, socio-economic and financial datasets, including forecasts out to 2025. The global version of the report is published annually at MWC Barcelona, while regional editions are published throughout the year.

The infographic above (PDF) shows the latest update from 2022. The PDF of the report is available here.

Selective extract from the executive summary as follows:

The mobile industry has been instrumental in extending connectivity to people around the world. In 2021, the number of mobile internet subscribers reached 4.2 billion people globally. Operators’ investments in network infrastructure over the last decade have helped to shrink the coverage gap for mobile broadband networks from a third of the global population to just 6%. But although the industry continues to invest in innovative solutions and partnerships to extend connectivity to still underserved and far-flung communities, the adoption of mobile internet services has not kept pace with the expansion of network coverage. This has resulted in a significant usage gap. In 2021, the usage gap stood at 3.2 billion people, or 41% of the global population. 

The reasons for the usage gap are multifaceted and vary by region, but they generally relate to a lack of affordability, relevance, knowledge and skills, in addition to safety and security concerns. Furthermore, the barriers to mobile internet adoption are particularly acute among certain segments of the population, including women, the elderly, those in rural areas and persons with disabilities – or a combination thereof. Addressing the usage gap for these key groups will extend the benefits of the internet and digital technology to more people in society, and will require concerted efforts by a broad range of stakeholders working together with mobile operators and other ecosystem players, such as device manufacturers and digital content creators.

5G adoption continues to grow rapidly in pioneer markets, with the total number of connections set to reach 1 billion in 2022. Momentum has been boosted by a number of factors, including the economic recovery from the pandemic, rising 5G handset sales, network coverage expansions and overall marketing efforts by mobile operators. Meanwhile, a new wave of 5G rollouts in large markets with modest income levels (such as Brazil, Indonesia and India) could further incentivise the mass production of more affordable 5G devices, which in turn could further bolster subscriber growth. By the end of 2025, 5G will account for around a quarter of total mobile connections and more than two in five people around the world will live within reach of a 5G network.

4G still has room to grow in most developing markets, particularly in Sub-Saharan Africa, where 4G adoption is still below a fifth of total connections and operators are stepping up efforts to migrate existing 2G and 3G customers to 4G networks. However, rising 5G adoption in leading markets, such as China, South Korea and the US, means that 4G adoption on a global level is beginning to decline. Globally, 4G adoption will account for 55% of total connections by 2025, down from a peak of 58% in 2021.

By the end of 2021, 5.3 billion people subscribed to mobile services, representing 67% of the global population. In a growing number of markets, most adults now own a mobile phone, meaning that future growth will come from younger populations taking out a mobile subscription for the first time. Over the period to 2025, there will be an additional 400 million new mobile subscribers, most of them from Asia Pacific and Sub-Saharan Africa, taking the total number of subscribers to 5.7 billion (70% of the global population). 

In 2021, mobile technologies and services generated $4.5 trillion of economic value added, or 5% of GDP, globally. This figure will grow by more than $400 billion by 2025 to nearly $5 trillion as countries increasingly benefit from the improvements in productivity and efficiency brought about by the increased take-up of mobile services. 5G is expected to benefit all economic sectors of the global economy during this period, with services and manufacturing experiencing the most impact.

You can download all reports from here.

For anyone interested in keeping a track of which 2G/3G networks are undergoing sunset, you can follow my Twitter thread that lists all the networks I become aware of 


Tuesday, September 7, 2021

Future Railway Mobile Communication System (FRMCS)


I have been meaning to write on this topic for a very long time. The discussion started back in 2016 when the limitations of GSM-R were obvious and it was recognised that a successor would be needed sooner or later. The International Railway Union (UIC) published a user requirement specification in their paper “Future Railway Mobile Communication System - FRMCS”. This is available on the 3GPP server as liaison statement S1-161250.

As 3GPP notes in their article, this was the trigger for them to go ahead and start the studies. Then in Release 16, 3GPP TS 22.289 "Mobile communication system for railways" outlined the requirements for railway communication, beyond the 3GPP Future Railway Mobile Communication System (FRMCS) Phase 1 specs. Details are available on this post here.


The latest version of 3GPP TR 22.889, Study on Future Railway Mobile Communication System; Stage 1 is from Release 17. The introduction to the document clarifies:

The railway community is considering a successor communication system to GSM-R, as the forecasted obsolescence of the 2G-based GSM-R technology is envisaged around 2030, with first FRMCS trial implementations expected to start around 2020. 

The Future Railway Mobile Communication System (FRMCS) Functional Working Group (FWG) of the International Union of Railways (UIC) have investigated and summarised their requirements for the next generation railway communication system in the Future Railway Mobile Communication User Requirements Specification (FRMCS URS). The present document is based on this input given by the UIC/ETSI TC-RT 

Study on FRMCS Evolution (FS_eFRMCS), available as SP-201038 clarifies:

The UIC FRMCS programme was recently releasing stable version 5.0.0 of the User Requirement Specification, version 2.0.0 of the Functional Use Cases and a new specification item, version 1.0.0 of the Telecom On-Board System - Functional Requirements Specification, as a further step in the evolution of the FRMCS specifications. The UIC FRMCS Programme is developing all the technical conditions for the 5G FRMCS, with the main objective to make available a “FRMCS First Edition” ecosystem available for procurement by Q1 2025.

The UIC FRMCS 3GPP Task Force has been identifying and analyzing impact of this newly released set of FRMCS specifications on existing use cases and requirements collected in TR 22.889. The UIC FRMCS 3GPP Task Force analysis has concluded that refining existing use cases, defining new use cases such as merging railway emergency communications and real-time translation of conversation, and deriving potential new requirements, will be necessary to align FRMCS and 3GPP specifications. The potential impact on normative work is estimated to be limited and much less compared to the study work.

As approved in SA1#90-e (S1-202245), TR 22.889 has now been re-named to TR 22.989 from Rel-18 onwards (latest version is TR 22.989 v18.0.0) to make it visible to the Rail community to be able to follow the 3GPP normative work in line with their needs. It is of most importance for the Rail community that specifications from different organisations (i.e. UIC, 3GPP and ETSI) are all aligned.

Due to the expected 3GPP work overload in Release 18 (SA1 and downstream groups), it is proposed to reduce the scope of the present Rel-18 study to evolution of critical applications related use cases only already identified by UIC – what is really essential for the railways as part of the “FRMCS First Edition” and the migration phase from GSM-R to FRMCS. 

Study of non-essential use cases (e.g. evolution of performance and business use cases) shall be postponed to Rel-19.

This plan is from 2019, so it is quite likely already outdated. It does provide an idea of the different steps and trial plans. Some of this was also covered in the 5G RAN Release 18 for Industry Verticals Webinar detailed here.

Finally, as this image from Arthur D. Little highlights, there is a lot of other interest in addition to FRMCS for 5G in railway. Report here.


Wednesday, June 30, 2021

Open RAN Terminology and Players


When we made our little Open RAN explainer a couple of years back, we never imagined this day when so many people in the industry would be talking about Open RAN. I have lost track of the virtual events taking place and Open RAN whitepapers that have been made available just in the last month.

One of the whitepapers just released was from NTT Docomo, just in time for MWC 2021. You can see the link in the Tweet

Even after so much information being available, many people still have basic questions about Open RAN and O-RAN. I helped make an Open RAN explainer series and blogged about it here. Just last week, I blogged about the O-RAN explainer series that I am currently working on, here.

There were some other topics that I couldn't cover elsewhere so made some short videos on them for the 3G4G YouTube channel. The first video/presentation explains Open RAN terminology that different people, companies and organizations use. It starts with open interfaces and then looks at radio hardware disaggregation and compute disaggregation. Moving from 2G/3G/4G to 5G, it also explains the Open RAN approach to a decomposed architecture with RAN functional splits.

If you look at the Telecom Infra Project (TIP) OpenRAN group or O-RAN Alliance, the organizations driving the Open RAN vision and mission, you will notice many new small RAN players are joining one or both of them. In addition, you hear about other Open RAN consortiums that again include small innovative vendors that may not be very well known. 

The second video is an opinion piece looking at what is driving these companies to invest in Open RAN and what can they expect as return in future.

As always, all 3G4G videos' slides are available on our SlideShare channel.


Wednesday, May 15, 2019

When will 2G & 3G be switched off now that 5G is here?


I wrote this blog post '2G / 3G Switch Off: A Tale of Two Worlds' back in Oct 2017. Since then I have continued to see the same trend in 2G/3G shutdown announcements. Based on that post and also taking the GSMA Mobile Economy Report into account, we have created a short tutorial on 2G/3G switch off and how the trends are affected by the launch of KaiOS based Smart Feature phones. Presentation and video embedded below. Would love to hear your thoughts.






Tuesday, December 4, 2018

Can KaiOS accelerate the transition from 2G / 3G to 4G?


The GSMA Mobile Economy 2018 report forecasts that 2G will still be around in 2025 and the dominant technology will be 3G in Africa. GSMA Intelligence Global Mobile Trends highlighted similar numbers but North Africa was missing in that report. As you can see in the picture below, 3G devices will make up 62% of the total number of devices in Sub-Saharan Africa and 37% in MENA.

Similar information was provided by Navindran Naidoo, Executive, Network Planning & Design, MTN Group in TIP Summit 2017 and Babak Fouladi, Technology and Information System (Group CTIO), MTN Group in TIP Summit 2018. In fact Babak had a slide that showed 3G devices would make up 61% of total devices in 2025 in Africa. Rob Shuter, Group President and CEO, MTN Group said at AfricaCom 2018 that Africa lags 7 years behind the Western countries in mobile technologies. Though this may not be universally true, it's nevertheless a fact in many areas of the continent, as can be seen from the stats.

In my blog post "2G / 3G Switch Off: A Tale of Two Worlds", I said operators in many developing countries that may be forced to switch off a technology would rather switch 3G off, as they have a big base of 2G users and 3G devices can always fall back on 2G.

So what are the main reasons so many users are still on 2G devices or feature phones? Here are some that I can think of off the top of my head:
  • Hand-me-downs
  • Cheap and affordable
  • Given as a gift (generally because it's cheap and affordable)
  • 2G has better coverage than 3G and 4G in many parts of the world
  • Second/Third device, used as backup for voice calls
  • Most importantly - battery can last for a long time
This last point is important for many people across different parts of the world. In many developing countries electricity is at a premium. Many villages don't have electricity and people have to take a trip to a market or another village to get their phones charged. This is an expensive process. (Interesting article on this here and here). In developed countries, many schools do not allow smartphones. In many cases, the kids have a smartphone switched off in their bag or left at home. For parents to keep in touch, these kids usually have a feature phone too. 

While all feature phones that were available until a couple of years ago were 2G phones, things have been changing recently. In an earlier tweet I mentioned that Reliance Jio has become a world leader in feature phones:


I also wrote about the Jio phone 2 launch, which is still selling very well. So what is common between Jio phones and Nokia 8110 4G, a.k.a. Banana phone?

They both use a new mobile operating system called KaiOS. So what is KaiOS?

KaiOS originates from the Firefox OS open-source project which started in 2011 and has continued independently from Mozilla since 2016. Today, KaiOS is a web-based operating system that enables a new category of lite phones and other IoT devices that require limited memory, while still offering a rich user experience through leading apps and services. KaiOS is a US-based company with additional offices in France, Germany, Taiwan, India, Brazil, Hong Kong, and mainland China. You can find a list of KaiOS powered devices here. In fact you can see the specifications of all the initial devices using KaiOS here.

Here is a video that explains why we need KaiOS:



There are a couple of really good blog posts by Sebastien Codeville, CEO of KaiOS:

There is so much information in both these articles that I will have to copy and paste the entire articles to do them justice. Instead, I want to embed the presentation that Sebastien delivered at AfricaCom below:



I like the term 'smart feature phone' to distinguish between the smartphones and old dumb feature phones.

Finally, it should be mentioned that some phone manufacturers are using an older version of Android to create a feature phone. One such phone is "Reinvent iMi" that is being billed as 'Slimmest Smart 3G Feature Phone' in India. It uses Android 4.1. See details here. Would love to find out more about its battery life in practice.

My only small concern is about the security of old Android OS versions. As Android is extensively used, new vulnerabilities keep getting discovered all the time. Google patches them in newer versions of the software or sometimes releases a separate patch. All updates to the Android OS stop after 3 years. This means that older versions of Android can be hacked quite easily. See here for example.

Anyway, feature phones or 'smart feature phones' are here to stay. Better on 4G than on 2G.

Thursday, April 12, 2018

#CWHeritage Talk: The History of Synchronization in Digital Cellular Networks


CW (a.k.a. Cambridge Wireless) held a very interesting event titled 'Time for Telecoms' at the Science Museum in London. I managed to record this one talk by Prof. Andy Sutton, who has also kindly shared slides and some other papers that he mentions in his presentation. You can also see the tweets from the event on Twitter.

The video playlist and the presentation are embedded below.






The papers referred to in the presentation/video are available as follows:

Thursday, January 4, 2018

Introduction to 3GPP Security in Mobile Cellular Networks


I recently did a small presentation on 3GPP Security, looking at how the security mechanism works in mobile cellular networks, focusing mainly on signaling associated with authentication, integrity protection and ciphering / confidentiality. It's targeted towards people with a basic understanding of mobile networks. Slides with embedded video below.



You can also check out all such videos / presentations at the 3G4G training section.

Tuesday, December 12, 2017

5G Patents Progress

More than 23,500 patents have been declared essential to GSM & 3G as shown in the picture above. I am assuming this includes 4G as well. Anyway, it's been a while since I looked into this subject. The last time I was looking, 4G patent pools were beginning to form.

For LTE, indeed there is no one-stop shop for licensing. The only company that has tried is VIA Licensing, with their patent pool, but they don’t have licenses for the big players like Ericsson, Qualcomm, Huawei, ZTE, Samsung, etc. The same will probably apply for 5G.


This old picture and article from Telecom TV (link) is an interesting read on this topic.



This official WIPO list shows ZTE, Huawei, and Qualcomm at the top of the list for international patent filers worldwide in 2016 [PDF].

Back in 2015, NGMN alliance was also looking for creation of some kind of patent pool but it probably didn't go anywhere (link)

(Can't recall the source for this one) In March, Ericsson announced plans to license 5G for $5 per device and possibly as low as $2.50 in emerging markets. In November, Qualcomm announced plans to license 5G IP at the same rates established by the NDRC for 4G/LTE phones sold into China: 2.275% for single mode essential patents / 4.0% for the entire portfolio or 3.25% for multimode essential patents / 5.0% for the entire portfolio. All rates are based on the wholesale price of the phone.

Qualcomm also announced that the previously undisclosed $500 price cap will apply to all phones. Qualcomm also announced a rate of less than $5 for 5G for automotive applications and $0.50 for NB-IoT based IoT applications.

Ericsson has filed a patent application for its end-to-end 5G technology. Ericsson has incorporated its numerous 5G and related inventions into a complete architecture for the 5G network standard. The patent application filed by the leading telecom vendor combines the work of 130 Ericsson inventors.

Dr. Stefan Parkvall, Principal Researcher at Ericsson, said, “The patent application contains Ericsson’s complementary suite of 5G inventions.” Stefan added, “It contains everything you need to build a complete 5G network. From devices, the overall network architecture, the nodes in the network, methods and algorithms, but also shows how to connect all this together into one fully functioning network. The inventions in this application will have a huge impact on industry and society: they will provide low latency with high performance and capacity.

This will enable new use cases like the Internet of Things, connected factories and self-driving cars.” Ericsson is involved with leading mobile operators across the world for 5G and Pre-5G research and trials. The patent application is likely to further strengthen its position in the 5G race.

More details on E/// 5G patents on their official website here.

Mobile world live has some good details on Qualcomm 5G NR royalty terms.

Smartphone vendors will have to pay as much as $16.25 per device to use Qualcomm’s 5G New Radio (NR) technology under new royalty guidelines released by the company.

Qualcomm said it will implement a royalty rate of 2.275 per cent of the selling price for single-mode 5G handsets and a higher rate of 3.25 per cent for multi-mode smartphones with 3G, 4G and 5G capabilities.

So for a $200 multi-mode device, for instance, Qualcomm noted a vendor would have to pay $6.50 in royalties per device. Royalties are capped at a $500 device value, meaning the maximum amount a smartphone vendor would have to pay would be $16.25 per handset.

The company added it will also offer access to its portfolio of both cellular standard essential patents and non-essential patents at a rate of 4 per cent of the selling price for single-mode devices and 5 per cent for multi-mode devices.

Qualcomm’s rates are notably higher than those announced by Ericsson in March. The Swedish company said it would charge a flat royalty fee of $5 per 5G NR multimode handset, but noted its fee could go as low as $2.50 per device for handsets with low average selling prices.

The official Qualcomm 5G royalty terms [PDF] are available here.


Thanks to Mike Saji for providing inputs on 4G patent landscape. Thanks to Keith Dyer for interesting tweets on this topic.

Thursday, November 9, 2017

Quick tutorial on Mobile Network Sharing Options


Here is a quick tutorial on mobile network sharing approaches, looking at site/mast sharing, MORAN, MOCN and GWCN. Slides and video embedded below. If for some reason you prefer a direct link to the video, it's here.

Sunday, November 5, 2017

RRC states in 5G

Looking back at my old post about UMTS & LTE (re)selection/handovers, I wonder how many different kinds of handovers and (re)selection options may be needed now.

In another earlier post, I talked about the 5G specifications. This can also be seen in the picture above and may be easy to remember. The 25 series for UMTS mapped the same way to 36 series for LTE. Now the same mapping will be applied to 38 series for 5G. RRC specs would thus be 38.331.

A simple comparison of 5G and LTE RRC states can be seen in the picture above. As can be seen, a new state 'RRC Inactive' has been introduced. The main aim is to maintain the RRC connection while at the same time minimize signalling and power consumption.

Looking at the RRC specs you can see how 5G RRC states will work with 4G RRC states. There are still some 'for further study' (FFS) items. Hopefully we will get more details soon.

3GPP TS 22.261, Service requirements for the 5G system; Stage 1, suggests the following with regard to inter-working with 2G & 3G:

5.1.2.2 Legacy service support
The 5G system shall support all EPS capabilities (e.g., from TSs 22.011, 22.101, 22.278, 22.185, 22.071, 22.115, 22.153, 22.173) with the following exceptions:
- CS voice service continuity and/or fallback to GERAN or UTRAN,
- seamless handover between NG-RAN and GERAN,
- seamless handover between NG-RAN and UTRAN, and
- access to a 5G core network via GERAN or UTRAN.

Saturday, October 7, 2017

2G / 3G Switch Off: A Tale of Two Worlds

Source: Wikipedia

2G/3G switch off is always a topic of discussion in most conferences. While many companies are putting their eggs in 4G & 5G baskets, 2G & 3G is not going away anytime soon.

Based on my observations and many discussions that I have had over the past few months, I see a pattern emerging.

In most developed nations, 2G will be switched off (or some operators may leave a very thin layer), followed by re-farming of 3G. Operators will switch off 3G at the earliest possible opportunity as most users would have moved to 4G. Users that would not have moved to 4G would be forced to move operators or upgrade their devices. This scenario is still probably 6 - 10 years out.



As we all know, 5G will need a capacity (and coverage) layer in sub-6GHz, so the 3G frequencies will be re-farmed to either 4G or 5G, as 2G is already being re-farmed to 4G. Some operators may choose to re-balance the usage, with some lower frequencies exchanged to be used for 5G (subject to enough bandwidth being available).


On the other hand, in the developing and less-developed nations, 3G will generally be switched off before 2G. The main reason is that there are still a lot of feature phone users that rely on 2G technologies. Most, if not all, 3G phones support 2G, so the existing 3G users will be forced onto 2G. Those who can afford to will upgrade to newer smartphones, while those who can't will have to grudgingly use 2G or change operators (not all operators in a country will do this at the same time).

Many operators in the developing countries believe that GSM will be around until 2030. While it may be difficult to predict that far in advance, I am inclined to believe this.

For anyone interested, here is a document listing 2G/3G switch off dates that have been publicly announced by the operators.



Let me know what you think.

Monday, May 1, 2017

Variety of 3GPP IoT technologies and Market Status - May 2017



I have seen many people wondering if so many different types of IoT technologies are needed, 3GPP or otherwise. The story behind that is that for many years 3GPP did not focus too much on creating an IoT variant of the standards. Their hope was that users would make use of LTE Cat 1 for IoT, and then later on they created LTE Cat 0 (see here and here).

The problem with this approach was that the market was ripe for different types of IoT technologies, a need that 3GPP could not satisfy. The table below is just an indication of the different types of technologies, but there are many others not listed here.


The most popular IoT (or M2M) technology to date is the humble 2G GSM/GPRS. A couple of weeks back Vodafone announced that it has reached a milestone of 50 million IoT connections worldwide. They are also adding roughly 1 million new connections every month. The majority of these are GSM/GPRS.

Different operators have been assessing their strategy for IoT devices. Some operators have either switched off or are planning to switch off their 2G networks. Others have a long term plan for 2G networks and would rather switch off their 3G networks to refarm the spectrum to more efficient 4G. A small chunk of 2G, on the other hand, would be a good option for voice & existing IoT devices with a small amount of data transfer.

In fact this is one of the reasons that in Release-13 GSM is being enhanced for IoT. This new version is known as Extended Coverage – GSM – Internet of Things (EC-GSM-IoT). According to GSMA, "It is based on eGPRS and designed as a high capacity, long range, low energy and low complexity cellular system for IoT communications. The optimisations made in EC-GSM-IoT that need to be made to existing GSM networks can be made as a software upgrade, ensuring coverage and accelerated time to-market. Battery life of up to 10 years can be supported for a wide range use cases."

The most popular of the non-3GPP IoT technologies are Sigfox and LoRa. Both these technologies have gained significant ground and many backers in the market. This, along with the gap in the market and the need for low power IoT technologies that transfer just a small amount of data and have a long battery life, motivated 3GPP to create new IoT technologies that were standardised as part of Rel-13 and are being further enhanced in Rel-14. A summary of these technologies can be seen below.


If you look at the first picture at the top (modified from Qualcomm's original here), you will see that these different IoT technologies, 3GPP or otherwise, address different needs. No wonder many operators are using the unlicensed LPWA IoT technologies as a starting point, hoping to complement them with 3GPP technologies when ready.

Finally, it looks like there is a difference in understanding of standards between Ericsson and Huawei and as a result their implementations are incompatible. Hopefully this will be sorted out soon.


Market Status:

Telefonica has publicly said that Sigfox is the best way forward for the time being. No news about any 3GPP IoT technologies.

Orange has rolled out LoRa network but has said that when NB-IoT is ready, they will switch the customers on to that.

KPN deployed LoRa throughout the Netherlands thereby making it the first country across the world with complete coverage. Haven't ruled out NB-IoT when available.

SK Telecom completed nationwide LoRa IoT network deployment in South Korea last year. It sees LTE-M and LoRa as its 'Two Main IoT Pillars'.

Deutsche Telekom has rolled out NarrowBand-IoT (NB-IoT) Network across eight countries in Europe (Germany, the Netherlands, Greece, Poland, Hungary, Austria, Slovakia, Croatia).

Vodafone is fully committed to NB-IoT. Their network is already operational in Spain and will be launching in Ireland and the Netherlands later this year.

Telecom Italia is in the process of launching NB-IoT. Water meters in Turin are already sending their readings using NB-IoT.

China Telecom, in conjunction with Shenzhen Water and Huawei launched 'World's First' Commercial NB-IoT-based Smart Water Project on World Water Day.

SoftBank is deploying LTE-M (Cat-M1) and NB-IoT networks nationwide, powered by Ericsson.

Orange Belgium plans to roll out nationwide NB-IoT & LTE-M IoT Networks in 2017.

China Mobile is committed to 3GPP based IoT technologies. It has conducted outdoor trials of NB-IoT with Huawei and ZTE and is also trialing LTE-M with Ericsson and Qualcomm.

Verizon has launched Industry’s first LTE-M Nationwide IoT Network.

AT&T will be launching its LTE-M network later this year in the US as well as Mexico.

Sprint said it plans to deploy LTE Cat 1 technology in support of the Internet of Things (IoT) across its network by the end of July.

Further reading: