It will also make it easy to jam the surveillance cameras wireless connections to the head end. Grab your pop-corn and sit down to enjoy another round of the sword vs. the shield while providers make their system more robust to this. In the end the only certainty is that the cheap aspect won't last very long, and some people will make money from it.
Re:What does the hell does NP Hard mean?
on
Pac-Man Is NP-Hard
·
· Score: 2
You can't have an "infinite number" of anything. Infinity doesn't work that way. It simply means arbitrarily large, as in "given any finite value N, I have more than N CPU's in my computer". There's no concept of an infinite number.
There is definitely a concept of infinite, and actually there are several different kinds of infinite. With some infinite bigger than others (size of set of natural numbers vs. real for example), which usually give a "wow" moment the first time you encounter this concept.
There's plenty of funny things with infinite sets. For example, what about the size of the set of positive integers N, and the size of the set of pairs of integers NxN? In a way, for each integer you can have a subset of NxN as large as N: think all (0, n), (1, n), etc. So surely NxN is much bigger than N? Nope, they're actually the same size because you can find a one to one mapping between N and NxN. Think about a growing linear spiral over a 2D grid for example.
For more on this, you can look-up "Aleph number" on wikipedia, or look-up various articles there on infinite and infinity.
Modded "5, Funny" I could have understood, but "5, Informative"?. We need a "meta-funny" modding option.
And I for one would welcome the ones who modded this informative to reply to this comment explaining their rationale. Don't be shy people, we already love you!
It's actually not very applicable to telecommunications. Yes, FFTs are a key item to all OFDM/OFDMA based protocols like WiFi and WiMAX/LTE. But the content is definitely not sparse at all. Each FFT bin is a carrier frequency. In OFDM when transmitting all carriers are used, so clearly not sparse.
In OFDMA only some carriers could be used if the network is lightly loaded, but this can change in real time and you may not know if it's sparse or not in advance (in LTE for example, a device only get its own allocation ahead of time). The worst case will be common, and less efficient than a simple FFT.
That's why the authors mention picture or video or instrument based sounds. Here you can have significant cases with sparse content in the frequency domain, and be quite sure to win on average.
A math coprocessor is designed to speed-up floating point computations. But a FFT can be applied to integers too, and there are plenty of integer based FFT applications (telecom, audio...). In this case a basic FPU will not help you. On such a small processor as in the Arduino any use of the FFT will likely be integer based, with a small FFT size (think coarse spectrum analyzer for example).
The reason I say "basic FPU" above is that it seems to me most vector engines can also operate on integers, not only on floats. So they're not strictly FPU only anymore. And such vector units can typically also be used to speed-up integer FFTs, using a FFT specific addressing scheme (search for "Butterfly diagram" in wikipedia if you're interested). But then we're far from an Arduino;)
Replying to myself... If one is really paranoid, then any system using C2C, LLI or integrating the modem with the AP part on the same die cannot be trusted indeed as JonySuede points out. Even if there is memory protection controlled from the AP, which could be verified if the AP software is open source, you would have to trust that the hardware protection works as intended and cannot be bypassed by the modem firmware.
In practice I don't believe this would happen. To complex, to costly, almost impossible to keep secret. Making the modem and AP part well isolated is really what makes sense.
The diagram may be a bit misleading. If I understand correctly, this STE chip uses two separate dies in the same package connected with a chip-to-chip (C2C) interface. Keeping the modem and application parts on different packages is common in high-end chips, where you can afford the extra cost and it's more flexible as you can easily upgrade each parts independently. That's how it's done too in SnapDragons IIUC.
Now you could be right: the C2C (and it's future extension MIPI LLI) allows the modem to access the AP memory. The idea is to save a SDRAM component on the BOM, as the modem does not need anymore its own memory. If it's not done carefuly, the modem could indeed access to the AP RAM (same as if it's on the same die on a bus). Kind of like the Firewire DMA security issue where a Firewire device can access the whole of a host PC memory (ouch).
However, I sure do hope there is access control in the implementation to make it impossible for the modem to access anything but it's dedicated part of the common SDRAM, controlled from the AP who is the master in the system. The reason is not so much to enforce privacy, but to make the system more reliable and easier to debug. Imagine if a bug on the modem could corrupt the AP part of memory... With modem and AP software handled by different (and large) teams, this would be a nightmare.
But this reliability concern applies equally well to Firewire, and well... protection hasn't been enforced. So yes, there could be a way in some systems for the modem to access the AP memory. It's pretty poor engineering IMHO, and I don't think it'd ever be done intentionally: supporting a spying feature based on this would just be too costly really for the chip companies and they have no interest in this (already so much on their plate...).
No problem: the radio CPU can't access anything on the application CPU (without support software on the application CPU, and here we assume the app CPU software is open source). So the only thing the radio CPU can snoop is the data traffic going over the wireless interface. Which is already visible to the network operator anyway. So there's not much point in hacking the radio chip, it's much much easier to snoop at the network level.
Most European phones can roam on AT&T, but AFAIK, HSUPA is a semi-proprietary extension to UMTS that's mostly unique to AT&T and not used in Europe(?), so even European phones capable of doing 3G on AT&T will be limping along at less than the max data rate (not 100% sure about this one, but I've seen it widely reported that only AT&T-branded phones can achieve the maximum HSUPA data rates)
HSUPA is a standard 3GPP feature, added in release 6 and widely deployed in Europe. Whenever you see "HSPA", it does include both HSDPA (Downlink) and HSUPA (uplink). Now maybe AT&T has some special extensions or deviation from the standard there, I couldn't know. The only time I was on AT&T with a European phone, I never got better than EDGE anyway;)
Europe already has this, and has done since the beginning. You buy your phone and put in a SIM for your chosen network, if you want.
Emphasis on "if you want". It's true that it is legal in Europe to buy an unlocked / SIM free phone, and then you can use any carrier SIM bought separately to access any network. Which is what I do BTW.
But it is also true than in most countries most people buy subsidized phones. Where I leave until recently you didn't have "SIM only" contracts, so even when using your own phone you had to pay the "phone tax" included in your contract, and this goes a long way in explaining why subsidized phones are dominant. After all if you pay anyway, you might as well get the subsidy...
It's starting to change, and you can now get cheaper "SIM only" plans. And this will boost the unsubsidized model I hope, because that way it's cheaper for you and you don't have all the operators "improvements" on your phone;)
There's nothing specific to the OS or anything MS when it comes to multi-band support, so as it's MS slides here I wouldn't expect anything new in this area.
If anything such multi-bands support would be on Nokia side, and the trade-offs are the same for all handset vendors. Adding more bands add cost and may call for some compromise in performance --- a wide band power amplifier is not as efficient as a narrow band one for example. Because of the tight grip US operators have on what's on their network it doesn't make much sense to support all on the same hardware: if the hardware is operator specific anyway, you might as well cost optimize the hardware and support only the operator bands. And add just a few more for international roaming for high end devices. Unless the US carriers open up their network a lot this won't change.
Be sure to check prices before though. It's not uncommon for electronic gadget in Europe to have a price in Euros being the same than the price in USD in the States... Even with a low Euro it's not a good deal.
For 3G, you'll be limited to ATT and T-Mobile while back in the States at best (and I'm not sure all their bands will be supported by a European device => check). So you have to be sure you can get a SIM only contract from either, or that you don't care about 3G while back.
- Specialized functionality can always be more cheaply implemented in ASICs (cryptographic co-processors, new instructions in CPUs, H264 decoding ASICs)
Yes, but only for high volume use-cases where the cost of doing an ASIC (millions of $) is not an issue as it's spread over a large number of chips, and when you don't need the programability an FPGA offer as the specialized function is very well defined and stable. But for small scale applications FPGA rules from a cost point of view. Volume will tell you whether you need to go ASIC or FPGA, assuming other considerations like absolute single chip performance (better with an ASIC), power consumption (lower with an ASIC) or programability (FPGA only) are not factors in the choice. In any case, there's room for both.
But in the case discussed here it's both low volume and flexibility is required, so FPGA make a lot of sense. And even if people able to program FPGAs are harder to find than software developers, well JPM has the financial resources to attract them.
Frankly, the ITU peak rate specification is best ignored... According to it EDGE is 3G because its peak rate is above 384 kpbs. Who really considers EDGE to be 3G? Nobody.
Similarly, the 1 Gbps peak rate criteria for 4G is such a bad joke it's not even funny. Yes, LTE R10 (also known as LTE Advanced) includes a Cat8 that actually goes up to close than 3 Gbps (hey, if you do hype why not go full tilt?). But it requires 8 transmitters and no device can afford that in the real world. And notice how the category just below, Cat7, is "limited" to 300 Mbps and can be implemented with only 2 Tx? (4 possible but optional). Come on, a factor of 10 difference between two categories? That should tell you all you need to know about Cat8. It's a pure paper category.
The IMT Advanced criteria for peak rate are beyond ridiculous. LTE Advanced pays lip service to this by including a totally unpractical category that meets the conditions to get the IMT-A stamp, but nobody will implement this silliness.
It makes more sense IMHO to consider OFDMA standards as 4G, as the move to OFDMA is the big technological break compared to 3G (where all 3G variants are CDMA based).
That's incorrect. The EVO phones have supported simultaneous WiMAX and EVDO data since day one. The HO is make-before-break, which means that when WiMAX gets poor the phone establishes the EVDO session while continuing to use WiMAX, and only switch when EVDO is established (so it's just a very fast local switch of used data interface, and IP address too). Now maybe other phones do it differently, I don't know.
The Android RIL doesn't know about WiMAX at all by the way. So it's up to the handset maker to handle all this on its own.
That's incorrect. LTE is OFDMA, which is completely different from CDMA.
In the 3GPP family, which is made of GSM/GPRS/EDGE 2G, WCDMA/HSPA 3G and now LTE, 2G is simple TDM, 3G uses CDMA and LTE uses OFDMA.
Each new scheme adds interesting properties, but requires more computations.
"CDMA does require more power to operate during peak usage times."
depends on if you're talking about the radio or the processing. CDMA is very process intensive, but the radio is very low.
CDMA phone Power: 0.001watt-1watt(avg 0.2watt) Practical Range Limit: 75KM(no logical limit) - Noise almost doesn't matter and is moderately influenced by structures.
Partially true. CDMA is sensitive to interference, and need a very tight control on power level to be efficient. In practice, this means that a CDMA phone usually transmits at low power. The maximum power is 23 dBm if I remember correctly, but the phone transmit power distribution is centered around 0 dBm.
The way to transmit data is different between CDMA and TDM based system. In basic CDMA there is still a notion of frame, but it is rather long (10 ms from memory). Several user are transmitting on the same frame, using different code spaces. In the end, the tendency is to transmit for a long duration but at low power. TDM based system on the other hand tend to transmit for a short duration at higher power.
With HSPA, we go back a bit toward shorter allocation units (TDM like), while still being CDMA. When possible (user close to the cell, so limited interference to others cells) the system will allocate a unit to a single user (or very few) and use a higher power to use higher modulation and coding scheme and pack more bits/Hz. This "closer to TDM" way of using CDMA is more efficient.
Also, GSM has a limit on how many users it can handle because of the limitation of available channels(FDMA) and how many users it can multiplex via TDMA per channel.
CDMA has no realistic limit(something near a trillion) on how many users it can handle other than signal clarity and processing power.
All systems have a limit. In practice 3G CDMA uses a maximum of 256 codes, so you could only have a theoretical maximum of 256 users at a time (and of course much less in practice). Yes in theory you could use larger code spaces, but it's just not practical and nobody does this.
There's been a lot of hype around CDMA, and it does have advantages. The big one was to make single frequency deployment practical for the first time, and this helps increase overall capacity. But there's no magic, and when it comes to number of users it's just a different way to split the channel capacity: with TDM it's one user at a time, taking the full channel. With CDMA, it's all users at the same time, taking a fraction of the channel maximum capacity. In the end there's no advantage there, just different ways of slicing the resource.
CDMA is EXTREMELY resilient to noise.
TDM, CDMA or OFDMA are about equivalent when it comes to robustness to noise actually. The difference comes from what modulation and coding schemes a standard supports and there may be some differences, but the TDM vs. CDMA vs. OFDMA is not a factor. And the issue is not so much thermal noise but interference in a mobile network. There the way to handle it changes significantly depending on which family is used. But CDMA (as all) is sensitive to interferences, and handling this was the main difficulty in making CDMA work in practice. Actually, it's always the most difficult thing to handle in cellular, whatever the scheme;) But there was a complexity jump with CDMA.
CDMA also has a cool thing called a soft hand-off. A phone can talk to multiple towers at the same time, so even if the primary tower loses signal, the call doesn't get interrupted.
GSM can't do this because each tower has a difference frequency/channel, which means it has to completely drop contact with its primary tower before switching.
That is true, but note that soft HO is not specific to CDMA. It's part of the IEEE 802.16e spec for example, although it's not part of the WiMAX profile (WiMAX features are a subset of the IEEE spec, same for WiFi and IEEE 802.11). And it
On an Incredible S (should be the same as 2, just different market and name) if I use AndExplorer (free app) to look into the device/system/app directory I don't see an HTCLogger.apk file. I'm not experienced enough to say this model is not affected for sure, but it looks like the application causing the problem is not installed. This check is very easy to do, so if an experience Android person can tell whether it's reliable or not it'd be nice.
There's no need for that. A microwave at close distance leaks more power in the WiFi band than a WiFi station at a couple meters of distance. And I don't remember people like this rolling on the floor in pain because they stood in front of the microwave while heating something;)
The FDA limit for a microwave oven is 5 mW per cm^2 at 2 inches. At 20 inches the FDA web page on microwaves says this would be 1/100th times below, so 50 uW/cm^2. Most microwave use a frequency right in the middle of the WiFi band (same freq then).
A WiFi station transmits 100 mW total. Assuming an isotropic antenna (not true, but close enough), at 1 m it is spread over a sphere of 1m or radius, or a surface of more than 125000 cm^2, so ~0.8 uW/cm^2.
I believe it is very unlikely that microwave makers over-engineer their leakage prevention by a factor of more than 60. So you're likely to get much more radiation power by waiting close to your oven than being at 1m from a WiFi station. And of course if you're WiFi sensitive, you're likely to stay very far from WiFi devices, which would make the difference much much bigger.
But hey, let's not get rational thinking get in the way of a dramatic story;)
It doesn't look like it. On my Android handset the display dominates power consumption by far, then the various radios (wifi and cell). The first app is far below at a couple percents only. I don't use games thought, and games can be taxing. But I would assume heavy games are the first users of the native toolkit. If it's typical then the JVM impact is small.
The poor battery performance of a lot of Android phones comes more from a focus on the latest big screens and fast SoCs, and not much low-level hardware/software optimization (time to market is more important that slow and labor intensive platform optimization) than on the JVM impact IMHO.
Sometimes, but you have to be careful when comparing to understand the context.
For example, 2G is usually deployed at 900 MHz while 3G is deployed at 2.1 GHz. The lowest the frequency, the better the propagation characteristics. But 3G at the same frequency is way better than 2G, so when operators "refarm" old 2G frequencies by switching them to 3G, then 3G coverage improves. LTE will be a mixed bag here: the most common frequency bands will be in 2.3 or 2.6 GHz for dense coverage (urban), but in the "digital dividend" bands (old analog TV bands) at 700 or 800 MHz depending on the countries the coverage will be excellent. While 2G had to stay around to provide an umbrella coverage to the higher frequency 3G, an operator with LTE in both 2.6 and 0.8 GHz (should be common in Europe) will have both capacity AND coverage with LTE alone. So there will only be a need for 2G and 3G for legacy devices, but the switch may be faster (once they have deployed. Which they're in no hurry to do, as they want to milk their 3G network whose licenses cost them so dear).
Another factor is the maximum allowed transmit power. Old standards used pretty high max power compared to more modern standards. 2G maximum is 33 dBm for example, while 3G is 23 dBm typically (from memory, I may be a bit off there...). 4G is also at 23 dBm, which is the "new normal" and shouldn't change.
And then of course, there's the form factor. The huge analog brick phones had large external antennas with better gain than the more modern compact phones.
But people want small products that do not fry their brain, and the remaining frequencies tend to be the high ones. Still, if you compared both systems at equal max transmit power and form factor and frequency, the performance of the most recent standards would be better (particularly for non line of sight operation). The tech underneath is truly superior, but the products are optimized for other demands than old analog phones (which had to handle spotty coverage, while 2G products are designed with a good coverage in mind). And it's fair to say that 2G and 3G phones are not designed for the situation you described;)
It won't happen soon. One big practical issue with LTE is that it is deployed in a large number of different bands, with much more diversity than 2G or 3G. The baseband chip is universal, so no problem there. We're going toward universal RF chips too (handling all used bands from 700 MHz to 3.6 GHz typically), so the issue will be handled there too. But then there is the RF front-end with the power amplifier and filters. And here there's no universal solution. If you want more bands, you need to duplicate hardware and increase cost and surface (which is at a premium in handsets).
There is work among worldwide operators to reduce the number of options, but it will be slow and a truly universal LTE system will not happen soon. Still in some areas you will have convergence on a given set of bands (Europe should get there for example).
As for the US, the phones are subsidized and locked to an operator so why add cost to support other operators bands? Unless unlocked phones take off there's no point. And operators don't want this, and there's no Nellie Kross in the States it seems;)
If certificates are managed properly no MITM attack is possible at the WiMAX radio level. Then because WiMAX is pure IP you can't have ARP redirection or other L2 attacks. That leaves IP level redirections?...
I checked the sources listed in the email for more info. Many still doubt the claim (one guy pointing out the lack of WiMAX femto as I did), others defend it... One of the defenders claiming knowing the guy who did it said this: "The WiMAX MitM is possible because of Clear/Sprint's absolutely retarded network configuration, not any problems with the spec it's self.". More credible than seeing EAP-TLS/TTLS and AES broken;)
Later on someone mention using a femto, but it's not clear if it's for the Verizon CDMA attack (easy to find a CDMA femto) or WiMAX. Attacking a femto makes the most sense (physical access to the box allows more attacks). But even if there's no commercial femto, maybe they could get their hands on some second hand reference board? (some people made femto prototypes for WiMAX). That shouldn't work as a WiMAX device MUST check the BS certificate too, and a second hand WiMAX femto should not have a proper one. But as said, some devices are sloppy in authenticating the network.
Could you point to a reference for this? The disclosure email doesn't mention WiMAX at all. I'd be surprised if they'd get a MITM attack on WiMAX (see below from more discussion). If it's WiMAX, more likely they owned a specific device. But breaking a specific device is a very different thing than breaking a protocol.
It was already cracked open as of the last Defcon. Some other cool stuff is being done with it too. The WiMax authentication system is a joke.
Following you comment I tried to find more info on that "crack" and found this WiMAX hacking Defcon presentation at last year Defcon 18. There's no cracking of WiMAX there, just sniffing into some devices and a Clear specific location based services security issue (which is not WiMAX but Clear stuff). No cracking of WiMAX to see there, so if I missed the right announce I'd appreciate a pointer. Because the coolest thing in the presentation was the guys bérets. Ok I'm a bit harsh, the LBS info was interesting too.
Regarding WiMAX authentication, we must be talking about different things if you believe it's a joke.
The way WiMAX operates is that network and devices have X.509 certificates. When a device is not provisioned the device and network mutually authenticate using EAP-TLS, which is considered safe. Based on this encryption is set-up using AES-CTR (from memory), at 128 bits. This is also considered safe.
The unprovisioned device can normally only access a subscription portal, where you give your credit card info and get a subscription. Then the device is provisioned, and reboot in normal mode with Internet access enabled.
The guys doing the WiMAX session at Defcon 18 found a hole in the subscription portal. Using OpenVPN you could bypass it and connect outside and get service for free. This is indeed a security breach, but this has nothing to do with WiMAX itself. This part is operator specific and not standardized. But we're not talking about the WiMAX authentication (EAP-TLS) here, just how an operator handles its subscription portal.
Now once the device is provisioned (with a login and password among other things), it will use EAP-TTLS for authentication. This normally both do device and network level authentication using the same X.509 certificates as with the first EAP-TLS step, and on top of it verifies the login and password for service access. Again, EAP-TTLS is considered secure.
So I don't see any "WiMAX authentication" weakness. To do a MITM attack at the WiMAX level, you would need an owned WiMAX BS with either a real certificate signed by the WiMAX Forum, or a working BS with no proper BS certificate and pawn badly implemented MS that do not authenticate the network (there were some...). Both seem unlikely to me. If there were WiMAX femto BS available it may be more practical, but for WiMAX only macro BS are deployed as far as I know. Somewhat, I don't see these guys owning a cell site...
Still, if anyone has some pointers please share. But for now, from what I know of WiMAX and what I saw in last year presentation I think it's very misleading to say that WiMAX has been cracked.
Slashdot Mirror
It will also make it easy to jam the surveillance cameras wireless connections to the head end. Grab your pop-corn and sit down to enjoy another round of the sword vs. the shield while providers make their system more robust to this. In the end the only certainty is that the cheap aspect won't last very long, and some people will make money from it.
You can't have an "infinite number" of anything. Infinity doesn't work that way. It simply means arbitrarily large, as in "given any finite value N, I have more than N CPU's in my computer". There's no concept of an infinite number.
There is definitely a concept of infinite, and actually there are several different kinds of infinite. With some infinite bigger than others (size of set of natural numbers vs. real for example), which usually give a "wow" moment the first time you encounter this concept.
There's plenty of funny things with infinite sets. For example, what about the size of the set of positive integers N, and the size of the set of pairs of integers NxN? In a way, for each integer you can have a subset of NxN as large as N: think all (0, n), (1, n), etc. So surely NxN is much bigger than N? Nope, they're actually the same size because you can find a one to one mapping between N and NxN. Think about a growing linear spiral over a 2D grid for example.
For more on this, you can look-up "Aleph number" on wikipedia, or look-up various articles there on infinite and infinity.
Modded "5, Funny" I could have understood, but "5, Informative"?. We need a "meta-funny" modding option.
And I for one would welcome the ones who modded this informative to reply to this comment explaining their rationale. Don't be shy people, we already love you!
It's actually not very applicable to telecommunications. Yes, FFTs are a key item to all OFDM/OFDMA based protocols like WiFi and WiMAX/LTE. But the content is definitely not sparse at all. Each FFT bin is a carrier frequency. In OFDM when transmitting all carriers are used, so clearly not sparse.
In OFDMA only some carriers could be used if the network is lightly loaded, but this can change in real time and you may not know if it's sparse or not in advance (in LTE for example, a device only get its own allocation ahead of time). The worst case will be common, and less efficient than a simple FFT.
That's why the authors mention picture or video or instrument based sounds. Here you can have significant cases with sparse content in the frequency domain, and be quite sure to win on average.
A math coprocessor is designed to speed-up floating point computations. But a FFT can be applied to integers too, and there are plenty of integer based FFT applications (telecom, audio...). In this case a basic FPU will not help you. On such a small processor as in the Arduino any use of the FFT will likely be integer based, with a small FFT size (think coarse spectrum analyzer for example).
;)
The reason I say "basic FPU" above is that it seems to me most vector engines can also operate on integers, not only on floats. So they're not strictly FPU only anymore. And such vector units can typically also be used to speed-up integer FFTs, using a FFT specific addressing scheme (search for "Butterfly diagram" in wikipedia if you're interested). But then we're far from an Arduino
Replying to myself... If one is really paranoid, then any system using C2C, LLI or integrating the modem with the AP part on the same die cannot be trusted indeed as JonySuede points out. Even if there is memory protection controlled from the AP, which could be verified if the AP software is open source, you would have to trust that the hardware protection works as intended and cannot be bypassed by the modem firmware.
In practice I don't believe this would happen. To complex, to costly, almost impossible to keep secret. Making the modem and AP part well isolated is really what makes sense.
The diagram may be a bit misleading. If I understand correctly, this STE chip uses two separate dies in the same package connected with a chip-to-chip (C2C) interface. Keeping the modem and application parts on different packages is common in high-end chips, where you can afford the extra cost and it's more flexible as you can easily upgrade each parts independently. That's how it's done too in SnapDragons IIUC.
Now you could be right: the C2C (and it's future extension MIPI LLI) allows the modem to access the AP memory. The idea is to save a SDRAM component on the BOM, as the modem does not need anymore its own memory. If it's not done carefuly, the modem could indeed access to the AP RAM (same as if it's on the same die on a bus). Kind of like the Firewire DMA security issue where a Firewire device can access the whole of a host PC memory (ouch).
However, I sure do hope there is access control in the implementation to make it impossible for the modem to access anything but it's dedicated part of the common SDRAM, controlled from the AP who is the master in the system. The reason is not so much to enforce privacy, but to make the system more reliable and easier to debug. Imagine if a bug on the modem could corrupt the AP part of memory... With modem and AP software handled by different (and large) teams, this would be a nightmare.
But this reliability concern applies equally well to Firewire, and well... protection hasn't been enforced. So yes, there could be a way in some systems for the modem to access the AP memory. It's pretty poor engineering IMHO, and I don't think it'd ever be done intentionally: supporting a spying feature based on this would just be too costly really for the chip companies and they have no interest in this (already so much on their plate...).
No problem: the radio CPU can't access anything on the application CPU (without support software on the application CPU, and here we assume the app CPU software is open source). So the only thing the radio CPU can snoop is the data traffic going over the wireless interface. Which is already visible to the network operator anyway. So there's not much point in hacking the radio chip, it's much much easier to snoop at the network level.
Most European phones can roam on AT&T, but AFAIK, HSUPA is a semi-proprietary extension to UMTS that's mostly unique to AT&T and not used in Europe(?), so even European phones capable of doing 3G on AT&T will be limping along at less than the max data rate (not 100% sure about this one, but I've seen it widely reported that only AT&T-branded phones can achieve the maximum HSUPA data rates)
HSUPA is a standard 3GPP feature, added in release 6 and widely deployed in Europe. Whenever you see "HSPA", it does include both HSDPA (Downlink) and HSUPA (uplink). Now maybe AT&T has some special extensions or deviation from the standard there, I couldn't know. The only time I was on AT&T with a European phone, I never got better than EDGE anyway ;)
Europe already has this, and has done since the beginning. You buy your phone and put in a SIM for your chosen network, if you want.
Emphasis on "if you want". It's true that it is legal in Europe to buy an unlocked / SIM free phone, and then you can use any carrier SIM bought separately to access any network. Which is what I do BTW.
;)
But it is also true than in most countries most people buy subsidized phones. Where I leave until recently you didn't have "SIM only" contracts, so even when using your own phone you had to pay the "phone tax" included in your contract, and this goes a long way in explaining why subsidized phones are dominant. After all if you pay anyway, you might as well get the subsidy...
It's starting to change, and you can now get cheaper "SIM only" plans. And this will boost the unsubsidized model I hope, because that way it's cheaper for you and you don't have all the operators "improvements" on your phone
There's nothing specific to the OS or anything MS when it comes to multi-band support, so as it's MS slides here I wouldn't expect anything new in this area.
If anything such multi-bands support would be on Nokia side, and the trade-offs are the same for all handset vendors. Adding more bands add cost and may call for some compromise in performance --- a wide band power amplifier is not as efficient as a narrow band one for example. Because of the tight grip US operators have on what's on their network it doesn't make much sense to support all on the same hardware: if the hardware is operator specific anyway, you might as well cost optimize the hardware and support only the operator bands. And add just a few more for international roaming for high end devices. Unless the US carriers open up their network a lot this won't change.
Be sure to check prices before though. It's not uncommon for electronic gadget in Europe to have a price in Euros being the same than the price in USD in the States... Even with a low Euro it's not a good deal.
For 3G, you'll be limited to ATT and T-Mobile while back in the States at best (and I'm not sure all their bands will be supported by a European device => check). So you have to be sure you can get a SIM only contract from either, or that you don't care about 3G while back.
- Specialized functionality can always be more cheaply implemented in ASICs (cryptographic co-processors, new instructions in CPUs, H264 decoding ASICs)
Yes, but only for high volume use-cases where the cost of doing an ASIC (millions of $) is not an issue as it's spread over a large number of chips, and when you don't need the programability an FPGA offer as the specialized function is very well defined and stable. But for small scale applications FPGA rules from a cost point of view. Volume will tell you whether you need to go ASIC or FPGA, assuming other considerations like absolute single chip performance (better with an ASIC), power consumption (lower with an ASIC) or programability (FPGA only) are not factors in the choice. In any case, there's room for both.
But in the case discussed here it's both low volume and flexibility is required, so FPGA make a lot of sense. And even if people able to program FPGAs are harder to find than software developers, well JPM has the financial resources to attract them.
Frankly, the ITU peak rate specification is best ignored... According to it EDGE is 3G because its peak rate is above 384 kpbs. Who really considers EDGE to be 3G? Nobody.
Similarly, the 1 Gbps peak rate criteria for 4G is such a bad joke it's not even funny. Yes, LTE R10 (also known as LTE Advanced) includes a Cat8 that actually goes up to close than 3 Gbps (hey, if you do hype why not go full tilt?). But it requires 8 transmitters and no device can afford that in the real world. And notice how the category just below, Cat7, is "limited" to 300 Mbps and can be implemented with only 2 Tx? (4 possible but optional). Come on, a factor of 10 difference between two categories? That should tell you all you need to know about Cat8. It's a pure paper category.
The IMT Advanced criteria for peak rate are beyond ridiculous. LTE Advanced pays lip service to this by including a totally unpractical category that meets the conditions to get the IMT-A stamp, but nobody will implement this silliness.
It makes more sense IMHO to consider OFDMA standards as 4G, as the move to OFDMA is the big technological break compared to 3G (where all 3G variants are CDMA based).
That's incorrect. The EVO phones have supported simultaneous WiMAX and EVDO data since day one. The HO is make-before-break, which means that when WiMAX gets poor the phone establishes the EVDO session while continuing to use WiMAX, and only switch when EVDO is established (so it's just a very fast local switch of used data interface, and IP address too). Now maybe other phones do it differently, I don't know.
The Android RIL doesn't know about WiMAX at all by the way. So it's up to the handset maker to handle all this on its own.
That's incorrect. LTE is OFDMA, which is completely different from CDMA.
In the 3GPP family, which is made of GSM/GPRS/EDGE 2G, WCDMA/HSPA 3G and now LTE, 2G is simple TDM, 3G uses CDMA and LTE uses OFDMA.
Each new scheme adds interesting properties, but requires more computations.
"CDMA does require more power to operate during peak usage times."
depends on if you're talking about the radio or the processing. CDMA is very process intensive, but the radio is very low.
CDMA phone Power: 0.001watt-1watt(avg 0.2watt) Practical Range Limit: 75KM(no logical limit) - Noise almost doesn't matter and is moderately influenced by structures.
Partially true. CDMA is sensitive to interference, and need a very tight control on power level to be efficient. In practice, this means that a CDMA phone usually transmits at low power. The maximum power is 23 dBm if I remember correctly, but the phone transmit power distribution is centered around 0 dBm.
The way to transmit data is different between CDMA and TDM based system. In basic CDMA there is still a notion of frame, but it is rather long (10 ms from memory). Several user are transmitting on the same frame, using different code spaces. In the end, the tendency is to transmit for a long duration but at low power. TDM based system on the other hand tend to transmit for a short duration at higher power.
With HSPA, we go back a bit toward shorter allocation units (TDM like), while still being CDMA. When possible (user close to the cell, so limited interference to others cells) the system will allocate a unit to a single user (or very few) and use a higher power to use higher modulation and coding scheme and pack more bits/Hz. This "closer to TDM" way of using CDMA is more efficient.
Also, GSM has a limit on how many users it can handle because of the limitation of available channels(FDMA) and how many users it can multiplex via TDMA per channel.
CDMA has no realistic limit(something near a trillion) on how many users it can handle other than signal clarity and processing power.
All systems have a limit. In practice 3G CDMA uses a maximum of 256 codes, so you could only have a theoretical maximum of 256 users at a time (and of course much less in practice). Yes in theory you could use larger code spaces, but it's just not practical and nobody does this.
There's been a lot of hype around CDMA, and it does have advantages. The big one was to make single frequency deployment practical for the first time, and this helps increase overall capacity. But there's no magic, and when it comes to number of users it's just a different way to split the channel capacity: with TDM it's one user at a time, taking the full channel. With CDMA, it's all users at the same time, taking a fraction of the channel maximum capacity. In the end there's no advantage there, just different ways of slicing the resource.
CDMA is EXTREMELY resilient to noise.
TDM, CDMA or OFDMA are about equivalent when it comes to robustness to noise actually. The difference comes from what modulation and coding schemes a standard supports and there may be some differences, but the TDM vs. CDMA vs. OFDMA is not a factor. And the issue is not so much thermal noise but interference in a mobile network. There the way to handle it changes significantly depending on which family is used. But CDMA (as all) is sensitive to interferences, and handling this was the main difficulty in making CDMA work in practice. Actually, it's always the most difficult thing to handle in cellular, whatever the scheme ;) But there was a complexity jump with CDMA.
CDMA also has a cool thing called a soft hand-off. A phone can talk to multiple towers at the same time, so even if the primary tower loses signal, the call doesn't get interrupted.
GSM can't do this because each tower has a difference frequency/channel, which means it has to completely drop contact with its primary tower before switching.
That is true, but note that soft HO is not specific to CDMA. It's part of the IEEE 802.16e spec for example, although it's not part of the WiMAX profile (WiMAX features are a subset of the IEEE spec, same for WiFi and IEEE 802.11). And it
On an Incredible S (should be the same as 2, just different market and name) if I use AndExplorer (free app) to look into the device /system/app directory I don't see an HTCLogger.apk file. I'm not experienced enough to say this model is not affected for sure, but it looks like the application causing the problem is not installed. This check is very easy to do, so if an experience Android person can tell whether it's reliable or not it'd be nice.
There's no need for that. A microwave at close distance leaks more power in the WiFi band than a WiFi station at a couple meters of distance. And I don't remember people like this rolling on the floor in pain because they stood in front of the microwave while heating something ;)
;)
The FDA limit for a microwave oven is 5 mW per cm^2 at 2 inches. At 20 inches the FDA web page on microwaves says this would be 1/100th times below, so 50 uW/cm^2. Most microwave use a frequency right in the middle of the WiFi band (same freq then).
A WiFi station transmits 100 mW total. Assuming an isotropic antenna (not true, but close enough), at 1 m it is spread over a sphere of 1m or radius, or a surface of more than 125000 cm^2, so ~0.8 uW/cm^2.
I believe it is very unlikely that microwave makers over-engineer their leakage prevention by a factor of more than 60. So you're likely to get much more radiation power by waiting close to your oven than being at 1m from a WiFi station. And of course if you're WiFi sensitive, you're likely to stay very far from WiFi devices, which would make the difference much much bigger.
But hey, let's not get rational thinking get in the way of a dramatic story
It doesn't look like it. On my Android handset the display dominates power consumption by far, then the various radios (wifi and cell). The first app is far below at a couple percents only. I don't use games thought, and games can be taxing. But I would assume heavy games are the first users of the native toolkit. If it's typical then the JVM impact is small.
The poor battery performance of a lot of Android phones comes more from a focus on the latest big screens and fast SoCs, and not much low-level hardware/software optimization (time to market is more important that slow and labor intensive platform optimization) than on the JVM impact IMHO.
Sometimes, but you have to be careful when comparing to understand the context.
;)
For example, 2G is usually deployed at 900 MHz while 3G is deployed at 2.1 GHz. The lowest the frequency, the better the propagation characteristics. But 3G at the same frequency is way better than 2G, so when operators "refarm" old 2G frequencies by switching them to 3G, then 3G coverage improves.
LTE will be a mixed bag here: the most common frequency bands will be in 2.3 or 2.6 GHz for dense coverage (urban), but in the "digital dividend" bands (old analog TV bands) at 700 or 800 MHz depending on the countries the coverage will be excellent. While 2G had to stay around to provide an umbrella coverage to the higher frequency 3G, an operator with LTE in both 2.6 and 0.8 GHz (should be common in Europe) will have both capacity AND coverage with LTE alone. So there will only be a need for 2G and 3G for legacy devices, but the switch may be faster (once they have deployed. Which they're in no hurry to do, as they want to milk their 3G network whose licenses cost them so dear).
Another factor is the maximum allowed transmit power. Old standards used pretty high max power compared to more modern standards. 2G maximum is 33 dBm for example, while 3G is 23 dBm typically (from memory, I may be a bit off there...). 4G is also at 23 dBm, which is the "new normal" and shouldn't change.
And then of course, there's the form factor. The huge analog brick phones had large external antennas with better gain than the more modern compact phones.
But people want small products that do not fry their brain, and the remaining frequencies tend to be the high ones. Still, if you compared both systems at equal max transmit power and form factor and frequency, the performance of the most recent standards would be better (particularly for non line of sight operation). The tech underneath is truly superior, but the products are optimized for other demands than old analog phones (which had to handle spotty coverage, while 2G products are designed with a good coverage in mind). And it's fair to say that 2G and 3G phones are not designed for the situation you described
It won't happen soon. One big practical issue with LTE is that it is deployed in a large number of different bands, with much more diversity than 2G or 3G. The baseband chip is universal, so no problem there. We're going toward universal RF chips too (handling all used bands from 700 MHz to 3.6 GHz typically), so the issue will be handled there too. But then there is the RF front-end with the power amplifier and filters. And here there's no universal solution. If you want more bands, you need to duplicate hardware and increase cost and surface (which is at a premium in handsets).
;)
There is work among worldwide operators to reduce the number of options, but it will be slow and a truly universal LTE system will not happen soon. Still in some areas you will have convergence on a given set of bands (Europe should get there for example).
As for the US, the phones are subsidized and locked to an operator so why add cost to support other operators bands? Unless unlocked phones take off there's no point. And operators don't want this, and there's no Nellie Kross in the States it seems
If certificates are managed properly no MITM attack is possible at the WiMAX radio level. Then because WiMAX is pure IP you can't have ARP redirection or other L2 attacks. That leaves IP level redirections?...
Thanks for the pointer!
;)
I checked the sources listed in the email for more info. Many still doubt the claim (one guy pointing out the lack of WiMAX femto as I did), others defend it... One of the defenders claiming knowing the guy who did it said this: "The WiMAX MitM is possible because of Clear/Sprint's absolutely retarded network configuration, not any problems with the spec it's self.". More credible than seeing EAP-TLS/TTLS and AES broken
Later on someone mention using a femto, but it's not clear if it's for the Verizon CDMA attack (easy to find a CDMA femto) or WiMAX. Attacking a femto makes the most sense (physical access to the box allows more attacks). But even if there's no commercial femto, maybe they could get their hands on some second hand reference board? (some people made femto prototypes for WiMAX). That shouldn't work as a WiMAX device MUST check the BS certificate too, and a second hand WiMAX femto should not have a proper one. But as said, some devices are sloppy in authenticating the network.
It's WiMax that's fallen.
Could you point to a reference for this? The disclosure email doesn't mention WiMAX at all. I'd be surprised if they'd get a MITM attack on WiMAX (see below from more discussion). If it's WiMAX, more likely they owned a specific device. But breaking a specific device is a very different thing than breaking a protocol.
It was already cracked open as of the last Defcon. Some other cool stuff is being done with it too. The WiMax authentication system is a joke.
Following you comment I tried to find more info on that "crack" and found this WiMAX hacking Defcon presentation at last year Defcon 18. There's no cracking of WiMAX there, just sniffing into some devices and a Clear specific location based services security issue (which is not WiMAX but Clear stuff). No cracking of WiMAX to see there, so if I missed the right announce I'd appreciate a pointer. Because the coolest thing in the presentation was the guys bérets. Ok I'm a bit harsh, the LBS info was interesting too.
Regarding WiMAX authentication, we must be talking about different things if you believe it's a joke.
The way WiMAX operates is that network and devices have X.509 certificates. When a device is not provisioned the device and network mutually authenticate using EAP-TLS, which is considered safe. Based on this encryption is set-up using AES-CTR (from memory), at 128 bits. This is also considered safe.
The unprovisioned device can normally only access a subscription portal, where you give your credit card info and get a subscription. Then the device is provisioned, and reboot in normal mode with Internet access enabled.
The guys doing the WiMAX session at Defcon 18 found a hole in the subscription portal. Using OpenVPN you could bypass it and connect outside and get service for free. This is indeed a security breach, but this has nothing to do with WiMAX itself. This part is operator specific and not standardized. But we're not talking about the WiMAX authentication (EAP-TLS) here, just how an operator handles its subscription portal.
Now once the device is provisioned (with a login and password among other things), it will use EAP-TTLS for authentication. This normally both do device and network level authentication using the same X.509 certificates as with the first EAP-TLS step, and on top of it verifies the login and password for service access. Again, EAP-TTLS is considered secure.
So I don't see any "WiMAX authentication" weakness. To do a MITM attack at the WiMAX level, you would need an owned WiMAX BS with either a real certificate signed by the WiMAX Forum, or a working BS with no proper BS certificate and pawn badly implemented MS that do not authenticate the network (there were some...). Both seem unlikely to me. If there were WiMAX femto BS available it may be more practical, but for WiMAX only macro BS are deployed as far as I know. Somewhat, I don't see these guys owning a cell site...
Still, if anyone has some pointers please share. But for now, from what I know of WiMAX and what I saw in last year presentation I think it's very misleading to say that WiMAX has been cracked.