Tagged: 1G

Reviving Old 1G Analog Cellphones and Demonstrating Their Security Flaws

Over on the YouTube channel "Nostalgia For Simplicity," the creator has uploaded a video where he revisits the original 1G analog cellular system, AMPS, to finally understand a mysterious phenomenon he experienced over 20 years ago as a kid, where he was able to unintentionally intercept other people's calls with his 1G phone. Using vintage hardware like the Ericsson DH668, he recreates a small AMPS network and confirms that the system is fully analog, instant, and surprisingly good-sounding. 

AMPS worked by dividing the spectrum into numbered voice channels, with each call occupying one channel at a time. In busy cities, simply tuning to an active channel could let you hear someone else’s call. In this revival setup, there is only one active call, making the effect easy to demonstrate. This is essentially wideband analog FM voice on fixed channels, something easily observable and demodulated with modern SDR hardware.

Investigating this ancient 1G tech has highlighted why 1G systems were fundamentally insecure and why the world moved on to digital standards. If you're interested, the other videos on his channel continue to explore early cell phones and their quirks.

I Revived 1G and Recreated a Childhood Mystery

[Also seen on Hackaday]

Running a 1G Mobile Phone Network with a HackRF

First generation (1G) mobile phone technology was brought out in the 80’s and was an unsecured analogue system. These days 1G technology is completely phased out in favor of digital standards like 2G (GSM), 3G and 4G LTE and so those old 1G handsets are now useless. However, at Shmoocon 2017 presenter Brandon Creighton delivered a talk where he showed how to use a TX capable SDR like a USRP or HackRF to create your own home 1G system that allows those old brick phones to be useful once again.

The actual video of the conference talk won’t be available online until about half way through the year but the blurb read:

AMPS, the first widely deployed cellular network in the US, was old enough that it had been designed by pre-breakup Bell, yet robust enough to survive for decades in service. Unlike LTE or even GSM, it was also a protocol simple enough to be described in a fairly short specification; if you wanted to you could listen to calls with a TV tuner (or modified phone).

This is a talk on the design and implementation of gr-amps, a set of GNU Radio blocks that can turn a TX-capable software-defined radio into a base station for AMPS devices–including that brick phone in your basement. No background in SDR is necessary to follow along (but it doesn’t hurt).

Expect detours into near-forgotten phreaker history: the weaknesses that enabled phone cloning, the efforts of wireless carriers and the US government to fight exploitation, and more.

The GNU Radio code to run your own AMPS (1G) system is available on GitHub.  It has been tested on a USRP and HackRF.

lethalweaponcellphone

[Also seen on Hackaday]