At this one industrial customer I visit every week for a full day, my Verizon cell phone date/time will suddenly change back by 19 years, six months, and some days (I don't have the exact value). This has been going on for almost a year. My pet theory was that law enforcement turned on a stingray nearby back in 2020, it came up with a default date of 1/1/2001, and has been running ever since. Steel building with warehouse plus office space. No one in the building is running one of those cell phone boosters that plug into customer internet and act as a mini tower. My newish Pixel 4 and my previous Moto phone both demonstrate the problem. I don't have the fortitude to call Verizon and work through support to get to someone who would understand the problem. Has this happened to anyone else? Any other theories on what it is? (My workaround is to turn off updating date and time from the network)
It is not uncommon that entire towers or basebands have invalid time.
Some of the reasons that I encountered personally:
- Badly configured basebands (for example lack of summer/winter time change flag!)
- Broken PTP
- Stations that take time from NTP which does not exist or which they do not have a route to.
- I don't know the name for it, but getting time from the local NodeB is a feature - and sometimes features are not active or licensed[1].
- Station set up with GPS instead of PTP/NTP (let's say for 2G or some slower HSDPA modes) with a broken GPS module itself
- Software error [basebands have multiple versions of software, same goes for APGs, SCUs, RRUs and a dozen other black boxes. Even the cabinet itself has some software. This is a big pain in the ass to keep them all updated in a large network - as the upgrade process can be disruptive and sometimes it is better to not upgrade [cases of some really wacky stations]...
- Problem with software in terms of PTP implementation. For example there are some discrepancies between Huawei and Ericsson software when it comes to PTP.
[1] This is a big shocker for the Open Source Software community:
- EVERY SINGLE FEATURE in a base station is not only NOT free, but Telecoms need to pay for them every single month [all manufacturers: Nokia, Ericsson, HUA do that]. We are talking here about 100-200 licenses for various features per site alone. If you don't buy a new license every 28 days - your base station will turn off and there's nothing you can do.
- Hardware provider can also refuse to give you new licenses in theory...
- This is the real hell of the SaaS world that NO ONE is talking about.
Yep, I complained and they fixed it (mobile operator or the stingray.. don't know who caused the issue or if there even was a stingray (or just a misconfigured basestation)).
The problem I had is that the time in my case was in the future, so when I called someone (personA) from within that cell, the call was made sometime in 2025... this wouldn't bother me in general, but when you use the redial function in your headset (double tap on the button), the phone would call the last dialed number (which means max(timestamp), not the actual last call), and instead of ringing the last person dialed (eg. personB), it would redial the personA I called from the affected cell, and after misdialing them by accident a couple of times, I had to manually remove that call from the call log to get the redial to work again... until I entered that cell again and called someone from there again.
A guy on a team that I worked on detected one of those devices and called the university police (we were a tenant in a university building), who laughed, and then proceeded to methodically and politely walk the hierarchy of agencies with jurisdiction (sheriff, city police, state police, FBI field office, FCC, etc). I believe he called a member of Congress as well.
Eventually somebody figured out that he wasn’t going away, and a couple of very pleasant guys popped in and dropped off their business cards. They told him it wouldn’t be a problem anymore and to give them a call if it became a problem again.
End of the day, if someone is creating interference, they need to stop. If you have the time and inclination, complain and they will.
Yes, a similar thing used to happen to me just at this one particular bar in Chelsea. But it wasn't off by 19 years, it was off by just an hour, which is worse in a way. That made for some confusing drunken time warps until I figured out the pattern...
Something similar has also happened to me. In my case, the symptom was that the TOTP 2FA to systems at work started to fail. It took me some time to find that the cause was an around 1 minute offset between my phone and the correct (NTP-synchronized) time as shown by my desktop. Setting the phone to not synchronize its date/time to the network (and correcting its time) fixed it, but it's annoying since without the network synchronization, the time slowly drifts. My theory is that there's one single tower that does not have its time correctly synchronized, and that annoyingly it's the "best" tower when I'm sitting at my desk.
Since then, I've not trusted that automatic network time adjustment, and I leave it disabled. Periodically, I check if it's drifted too much, and if it has, I quickly enable and then disable the network time adjustment (in a place far from the misconfigured tower).
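Why an offset of about a minute is enough to break TOTP, as an added example that is not part of the original comment: an RFC 6238 generator and verifier, plus a helper that measures how often a phone with a skewed clock produces a code the server accepts. The RFC test secret, the small sample start time and the `acceptance_rate` helper are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

STEP = 30                          # seconds per TOTP time step (RFC 6238 default)
SECRET = b"12345678901234567890"   # RFC 6238 SHA-1 test secret, not a real key
START = 90                         # constructed sample start time (Unix seconds)


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=STEP):
    """Code shown by a device whose clock reads unix_time."""
    return hotp(secret, int(unix_time) // step)


def verify(secret, code, server_time, window=1, step=STEP):
    """Accept the code if it matches any step within +/- window of the server's."""
    current = int(server_time) // step
    return any(
        hmac.compare_digest(hotp(secret, current + delta), code)
        for delta in range(-window, window + 1)
    )


def acceptance_rate(phone_offset, window=1, span=150):
    """Fraction of seconds in [START, START + span) at which a phone whose
    clock is phone_offset seconds off produces a code the server accepts."""
    accepted = sum(
        verify(SECRET, totp(SECRET, t + phone_offset), t, window)
        for t in range(START, START + span)
    )
    return accepted / span


if __name__ == "__main__":
    # With the common +/-1 step window, 45 s of skew fails half the time and
    # 60 s fails always. Widening the window to +/-2 accepts both, at the
    # cost of every code staying valid for longer.
    for offset in (0, 20, 45, 60):
        print(f"offset {offset:>3}s  window=1: {acceptance_rate(offset):.2f}"
              f"  window=2: {acceptance_rate(offset, window=2):.2f}")
```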
It happened to me. 1 hour off. It was related to DST. I missed a meeting because of this. Since then I disable "automatic time from network" on my new phones and have a Casio watch. I thought the tower was misconfigured, why do you suppose it's a stingray?
There is a simpler explanation: I once worked at an (industrial + offices) site of a high-tech company, and they had their own private cell tower, with phones that only worked on the site; maybe they forgot to update the time. IIRC, small base stations have been deployed at hacker events (CCC) with similar internal-only features.
On a related note, this same mechanism can be used as a fallback for GPS to determine device location.
I have worked on an IoT device with a built-in SIM in the personal alarm space. Often when a device is indoors no GPS fix can be found, but the GSM module can report all cell tower ids in range with signal strengths. These can be used to triangulate the device location. Google has an API for this where you can pass cell tower ids and signal strengths.
edit: and of course similar triangulation fallbacks/methods can be applied to WiFi AP's or Bluetooth Beacons, if you have a database with APs or beacons and their location. This database can be externally sourced but also built automatically by sending celltower ids/aps/beacons along with GPS fixes. I assume this is one of the many things Google is doing with their fleet of Streetview cars.
This is nicely done, and takes me back to when I worked in mobile network planning.
Most people are blissfully unaware of how much radio chatter and constant adjustment is actually holding up their browsing session from second to second, with the UE negotiating the best possible terms (power, throughput, etc.) with adjacent cell towers before it decides (or is prompted) to hand-over to a new cell.
Optimizing cell hand-over and adjacency matrices is something that operators need to do quite frequently as traffic patterns and network topology change and a computationally neat problem that can be scaled horizontally (I once optimized one such job to run in 4 hours instead of 24).
I learned that the cellular protocol stack wasn't as simple as it seemed when I was debugging my VoIP library under different network conditions. I would go into the *#*#INFO#*#* menu on an Android phone and force it to a particular network type. 2G/EDGE provided just barely enough throughput for me to fit my packets through on my lowest bitrate. But sometimes there were periods when the packets would just stop coming through. This would last for a perceptible amount of time, sometimes even more than a second, but after that, all the packets I sent during that time would come through in a burst. That's how I found out about the RLC protocol that's somewhere in the stack in 2G, 3G, and 4G, and that it has this "acknowledged mode", and that in this mode it does retransmissions if there are bit errors. This also made it very clear why TCP sometimes struggles so much when running over a 2G connection.
Anyway, I wish there was something like Wireshark to which I could connect a phone and see it talk to the cell towers in real time. This would really help understand how this all works.
Um, I'm pretty sure that there is not much of that handover stuff happening while browsing hacker news since that's likely in a low-velocity scenario, i.e., sitting on the toilet.
>Most people are blissfully unaware of how much radio chatter and constant adjustment is actually holding up their browsing session from second to second, with the UE negotiating the best possible terms (power, throughput, etc.) with adjacent cell towers before it decides (or is prompted) to hand-over to a new cell.
My experience in my networking class in college and how complex even a TCP/IP connection is over a reliable wired connection was enough to make me run screaming from the field as a profession.
The fact that I can get 200/mbit on my phone today still astounds me.
It's an interesting, but even to me an intimidating field.
Something like this would make it pretty easy to spot one of those stingray devices, I bet. Cell towers tend to stay put, so mapping out an area would go quick. Were a new 'tower' to show up in an odd spot -- there may be shenanigans at hand.
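A minimal version of the baseline-and-compare idea in the comment above, as an added example that is not part of the original thread: earlier sightings of each cell identity are kept per location, and new observations are flagged when the identity was never surveyed or is heard far from where it was heard before. The function names, the 3 km threshold and all data (using the 001/01 test network code) are constructed for illustration.

```python
import math

MAX_KM = 3.0   # constructed threshold: how far from past sightings a cell may be heard

# Constructed survey data: cell identity (MCC, MNC, TAC, cell ID) -> places
# (lat, lon) where that cell was the serving cell during earlier drives.
BASELINE = {
    (1, 1, 4100, 27447297): [(48.8500, 2.3500), (48.8520, 2.3550)],
    (1, 1, 4100, 27447298): [(48.8600, 2.3400)],
}

# Constructed new observations: (cell identity, where the phone was).
OBSERVATIONS = [
    ((1, 1, 4100, 27447297), (48.8510, 2.3520)),   # same area as before
    ((1, 1, 4100, 27447298), (48.9600, 2.3400)),   # known ID, about 11 km away
    ((1, 1, 9999, 12345), (48.8505, 2.3510)),      # identity never surveyed
]


def distance_km(a, b):
    """Great-circle distance between two (lat, lon) points, haversine formula."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def review(baseline, observations, max_km=MAX_KM):
    """Return (cell, verdict, km) per observation; km is None for unknown cells."""
    results = []
    for cell, position in observations:
        sightings = baseline.get(cell)
        if not sightings:
            results.append((cell, "unknown-cell", None))
            continue
        # Compare against the closest place this identity was heard before.
        nearest = min(distance_km(position, s) for s in sightings)
        verdict = "expected" if nearest <= max_km else "known-cell-new-area"
        results.append((cell, verdict, round(nearest, 1)))
    return results


if __name__ == "__main__":
    for cell, verdict, km in review(BASELINE, OBSERVATIONS):
        print(cell, verdict, km)
```

A flagged identity is a prompt to look closer rather than proof of anything, since operators add and renumber cells as part of normal network changes.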
I always have put my phone in airplane mode when I was in a train due to the modem consuming a lot more energy.
I always assumed and still do that it's due to switching towers and less connectivity, which means using more power.
Whenever people argue that public transport doesn't need wifi I would argue against it due to power usage and also for more accessibility of the internet in general.
I think trains are kind of a special case in telephony when it comes to handoffs. It’s a unique situation where you have hundreds and hundreds of UEs[0] having to detach and re-attach, which makes for a very busy MME[1]. Sometimes those phones are only briefly connected to a given eNB[2] too, which makes all that effort for naught.
[0] Phones
[1] The system which sits immediately behind cell towers and coordinates handoffs
As the essay notes, it's through TelephonyManager on Android. On iOS it used to be possible through CoreTelephony private APIs, but I think Apple cracked down on these a few years back and either removed them entirely or locked them down behind entitlements, as they were getting abused by analytics frameworks.
Btw you do use this with stingrays to trick the phone into full power boost so it will use the battery very quickly. Useful if you want to encourage the user to go home to charge.
I don’t remember the details but it has to do with selecting which cell tower is the best and how strong the cell phone needs to boost the signal are two different steps. Or at least used to be 10 years ago.
> According to the LTE specs, cell-towers don't have to perform UE hand-overs like in GSM/UMTS. The phone starts camping on the next tower while remaining in RCC_IDLE mode without emitting data. Not only does this save battery, it also means operators don't really know where the phone is as long as it remains in the same LAC.
And another tip: I wanted to know what "very expensive" means for LTE-related literature, so I searched DuckDuckGo for the first book mentioned (sold on Amazon for $105) and the second result was an OCR'd PDF at huaweicup.ru
The iPhone entries in the table could give a misleading impression of the timing. UMTS 3G phones had long been commonplace by the time the iPhone 1 was announced.
How much does the positioning of the phone in the car affect its antenna effectiveness and directionality? I'm astounded that you can "bury" the phone in a pit beside the gear shift with a pile of metal on top (the dashboard) and it still works.
The engineering me needs to place antennas optimally! Even though burying the phone in a pit and it still works it still irks me and I want to see it in an optimal placement where it is minimally shielded. Why don't car manufacturers have a place for the phone in the roof or something so that it gets optimal antenna placement? Yes it would be unseemly but wouldn't we get much better reception?
It's a side note at most, but the history of technology at the end of the article is a little bit misleading as it lacks the dates for the technologies. It seems to list the most notable devices for each category. Some of them appeared several years after a technology became mainstream.
Examples:
The Nokia 3310 is from the end of 2000 but 2G mobile phones were already in everybody's hands by then, at least here in Italy. The boom started in 1997. I resisted until 1999, then my boss gave one to me because "I don't want to call [another guy with a mobile] to talk with you" :-) It was the Nokia 8110 (Neo's phone in The Matrix.)
3G/UMTS was launched in Europe in 2003, much before the first 3G capable iPhone (2008). The marketing word in 2003 for UMTS was UMTS. The first device was the NEC 606 [1], from the 3 mobile operator (Italy, UK and a number of other countries.) There were a number of popular 3G phones in the 5 years before the iPhone 3G.
By the way, the NEC 6060 did video calls too. The screen was low resolution (not by the standards of the time) and the price was outrageous (4 times the voice calls?) Not a very popular feature and yet it was there.
It's quite hilarious seeing a bunch of skilled and intelligent hackers being excited regarding the process known as "Handover" :) It is well known, and well documented in every single book on the subject...
Worth mentioning that there are 3 types of handovers:
- Intra-relations: user can be switched between various cells at the same tower.
- Intra-relations but with handover to a lower technology (let's say when 4G is not available [too much traffic], so you will be dropped to, let's say, a 3G or even 2G cell)
- External-relations: relations between cells on different towers.
As for towers:
- Not all operators allow for local roaming between various operators.
- Most towers have 3-5 sectors (pizza slices), but it's not that unusual to see OMNI antennas (single sector for 360 degrees).
The most interesting part of this article IMO is how the author built handover visualizations with unprivileged code and explained what was exposed in the API on Android vs iOS that was needed to do this. And they're quite good.
Handovers can exist on a higher level as well. 10 years ago there were calling apps that could handover a WiFi VoIP call to the gsm network (not using voip but actual gsm) when the WiFi goes bad and later switch the same call back to WiFi.
This was a good read. I laughed out loud when I read the notes column of their cell technology matrix which listed Mr Drummond and Gordan Gecko for 0G and 1G respectively.
I can also highly recommend the book "High Performance Browser Networking" by Ilya Grigorik referenced by this post. Although it's almost 8 years old most of it is still very relevant. Although it would be wonderful if he would update it to reflect changes in TLS and 5G.
I also really liked the layout and fonts on this person's site. It has an almost 'zine aesthetic. Very easy on the eyes. Does anyone know what they might be using to produce this?
Those visualizations remind me of living in WV, where even the greatly exaggerated maps of coverage produced by the carriers clearly follow only the major highways and like 30% of the cities.
This is a very interesting presentation. I wonder if the author considered researching the inter-eNB and backhaul latency and how it affected UE latency.
Towers are just locations of at least one set of sender and receiver. There can be more than one set of these at a given location, meaning that more than one cell can originate from a single tower.
The first graphic visualizes this. Reception of the same cell is indicated by the same color there, while towers are at the points that these colored cones radiate from. Several cones of different colors start at the same points, visualizing that there are towers that are providing more than one cell.
Observe that the reception can jump back and forth between the same cells as can be seen on the brown and blue colored cells in the top left corner of the graphic.
>- Several cellIDs map to the same eNB lat/long coordinates. That's because the antennas mounted on an eNB don't have 360° coverage. The angle and range of each antenna carves the space into pizza slice shaped cells.
It's explained in the article, one tower can have multiple antennas (author found out they're typically set at 120°) on a single mast.
Each antenna is then a cell, although mounted on a single tower.
it gets even more fun when you throw in beamforming.
a tower is just a mast on which radios are mounted. a site is the location of the equipment. a node is the name for a set of radios and base systems. a node's service can be divided into sectors. a cell is usually a certain coverage area served, the frequency of cells will differ a bit from its neighbor to stop interface. and a beam is specific focused radio that serves one UE.
The tower is what it sounds like, it is one physical structure containing the communications equipment, also called a Base Transceiver Station (BTS) [1]. The cell is the individual communications panel on the tower, also known as a CellID [2]. There are typically 3 panels on a tower, each covering 1/3rd of the surrounding area. So the tower gives you the physical location, and the cell gives you the general direction.
[+] [-] qb2021|4 years ago|reply
[+] [-] hansor|4 years ago|reply
[+] [-] ajsnigrutin|4 years ago|reply
[+] [-] Spooky23|4 years ago|reply
[+] [-] dTal|4 years ago|reply
https://en.wikipedia.org/wiki/GPS_week_number_rollover
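The rollover linked above is 1024 weeks, about 19.6 years, which is close to the jump described in the opening post. The following added example (not from the thread; thresholds, labels and sample readings are constructed for illustration) sorts the gap between a network-supplied clock reading and a trusted one into the causes raised in this discussion: a GPS week rollover, a whole-hour DST or zone error, or small drift.

```python
from datetime import datetime, timedelta

# The GPS navigation message carries the week number in 10 bits, so it wraps
# every 1024 weeks (7168 days, about 19.6 years).
GPS_WEEK_ROLLOVER = timedelta(weeks=1024)

# Thresholds below are constructed for this example, not taken from a standard.
IN_SYNC = timedelta(seconds=2)
DRIFT_MAX = timedelta(minutes=10)
SLACK = timedelta(minutes=2)
MAX_ZONE_HOURS = 14


def classify_offset(network_time, reference_time):
    """Classify the gap between the wall-clock time a phone took from the
    network and a trusted wall-clock reading for the same time zone.

    Returns (label, count, offset): count is the number of 1024-week periods
    or whole hours involved, or 0 when that does not apply.
    """
    offset = network_time - reference_time
    magnitude = abs(offset)

    if magnitude <= IN_SYNC:
        return ("in-sync", 0, offset)
    if magnitude <= DRIFT_MAX:
        return ("drift", 0, offset)

    # A source that lost track of the GPS week epoch is off by k * 1024 weeks.
    periods = round(magnitude / GPS_WEEK_ROLLOVER)
    if periods >= 1 and abs(magnitude - periods * GPS_WEEK_ROLLOVER) <= SLACK:
        return ("gps-week-rollover", periods, offset)

    # A missing DST flag or wrong zone shows up as an exact number of hours.
    hours = round(magnitude / timedelta(hours=1))
    if 1 <= hours <= MAX_ZONE_HOURS and abs(magnitude - timedelta(hours=hours)) <= SLACK:
        return ("whole-hour", hours, offset)

    return ("unknown", 0, offset)


# Constructed readings, all compared against the same trusted reference.
REFERENCE = datetime(2021, 3, 10, 9, 0, 0)
SAMPLES = {
    "one rollover back": REFERENCE - GPS_WEEK_ROLLOVER + timedelta(seconds=20),
    "missing DST flag": REFERENCE - timedelta(hours=1),
    "about a minute off": REFERENCE + timedelta(seconds=61),
    "stuck at a default date": datetime(2001, 1, 1, 0, 0, 0),
}


def classify_samples():
    """Label every constructed sample reading."""
    return {name: classify_offset(t, REFERENCE)[0] for name, t in SAMPLES.items()}


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:<24} {label}")
```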
[+] [-] montroser|4 years ago|reply
[+] [-] cesarb|4 years ago|reply
[+] [-] slim|4 years ago|reply
[+] [-] Aissen|4 years ago|reply
[+] [-] Kipters|4 years ago|reply
This was when SMS were still widely used, so that made for very messed up chats since received messages carried the correct timestamp
[+] [-] vbsteven|4 years ago|reply
[+] [-] callesgg|4 years ago|reply
[+] [-] rcarmo|4 years ago|reply
[+] [-] grishka|4 years ago|reply
[+] [-] ganafagol|4 years ago|reply
[+] [-] NaturalPhallacy|4 years ago|reply
[+] [-] ng55QPSK|4 years ago|reply
[+] [-] heelix|4 years ago|reply
[+] [-] ng55QPSK|4 years ago|reply
[+] [-] drmpeg|4 years ago|reply
[+] [-] elric|4 years ago|reply
Can someone shed some light on this?
[+] [-] Firerouge|4 years ago|reply
[+] [-] Balantio|4 years ago|reply
[+] [-] teeray|4 years ago|reply
[0] Phones
[1] The system which sits immediately behind cell towers and coordinates handoffs
[2] Tower
[+] [-] masklinn|4 years ago|reply
[+] [-] lstodd|4 years ago|reply
What I don't get is why the author didn't draw the signal strength of all towers that were visible. This info is also trivially available.
What public transport needs are microcells, and to hell with wifi.
[+] [-] _trampeltier|4 years ago|reply
[+] [-] kmonsen|4 years ago|reply
[+] [-] VWWHFSfQ|4 years ago|reply
[+] [-] sm4rk0|4 years ago|reply
[+] [-] leoc|4 years ago|reply
[+] [-] lighttower|4 years ago|reply
[+] [-] pmontra|4 years ago|reply
[1] https://www.mobileindustryreview.com/2015/04/classic-handset...
[+] [-] 1f60c|4 years ago|reply
[+] [-] FreshFries|4 years ago|reply
http://www.architectureofradio.com
The iOS application:
https://apps.apple.com/us/app/architecture-of-radio/id103516...
[+] [-] hansor|4 years ago|reply
[+] [-] drvdevd|4 years ago|reply
[+] [-] vbsteven|4 years ago|reply
[+] [-] bogomipz|4 years ago|reply
[+] [-] NaturalPhallacy|4 years ago|reply
shudder
[+] [-] vinay_ys|4 years ago|reply
[+] [-] op03|4 years ago|reply
What does this mean? What's the diff between tower and cell?
[+] [-] _Microft|4 years ago|reply
[+] [-] myphs|4 years ago|reply
[+] [-] nick2k3|4 years ago|reply
[+] [-] totetsu|4 years ago|reply
[+] [-] 542354234235|4 years ago|reply
[1] https://en.wikipedia.org/wiki/Base_transceiver_station
[2] https://en.wikipedia.org/wiki/Cell_ID
[+] [-] ChrisRR|4 years ago|reply
[+] [-] ai_ja_nai|4 years ago|reply