Tag Archive for Wi-Fi

5G in the D

During the COVID-19 lockdowns, work from home grew 34%. Gartner reports that in the post-COVID “new normal” (whenever that is) era, 74% of businesses will move some of their previously on-site workforce to permanently remote positions. That signals problems for many Detroiters, who live in one of America’s worst-connected areas.

Verizon may be one part of Detroit moving forward in the “new normal.” FierceWireless is reporting that Verizon (VZ) is now offering its fixed wireless access (FWA) 5G Home Internet service in the D. The telco will offer the 5G Ultra-Wideband Network in the following areas:

Detroit
Dearborn
Livonia
Troy

The Detroit 5G Home service will use millimeter wave (mmWave) spectrum and is expected to deliver speeds of about 300 Mbps. Several factors affect the speed of 5G networks. Notably, the more people connected to a network, the slower the speeds will be. Your distance from a 5G node may affect speeds too. 5G Home also uses the same network the operator is building for mobile 5G, which means the FWA product depends on mobile 5G being available in your area.

5G fixed wireless access

Verizon is working on higher-powered customer premises equipment for 5G Home that’s expected to expand the coverage area supported by the fixed wireless service. But the improved CPE is not part of the initial 5G Home rollout in Motown.

5G small cell site

Detroiters will get a new “enhanced” form of the product that uses the industry-standard 5G NR transmission standard, which, among other things, supports a customer self-install model (cost savings for VZ). Detroiters signing up for 5G Home will get the new router. The router supports the Wi-Fi 6 standard, promising peak speeds up to 1 Gbps and allowing multiple devices to run at the same time. It also features Amazon Alexa built in, so customers can control their smart home devices and ask questions, hands-free.

5G Home service perks

The no-contract 5G Home service starts at $50 per month for Verizon customers and $70 per month for everybody else. The operator is sweetening the deal with an offer of no cost content options to get customers to sign up. Among the perks being used to entice consumers to 5G Home, Verizon is offering:

  • One month of YouTube TV
  • One year of Disney+
  • Three months of Google Stadia (Google’s new cloud gaming service)

New customers can also get a free Stream TV device. The device is an Android TV-based, 4K-capable streaming product from Verizon. The device is also integrated with the Google Assistant platform and Chromecast “built-in,” which enables users to cast video from the smartphone to the TV screen. The Stream TV device gets subscribers access to a library of OTT channels, apps, and entertainment, including Netflix and Amazon Prime.

rb-

Verizon has said it plans to expand 5G Home Internet to have coverage for 30 million households. Verizon predicts that by 2035, 5G will enable more than $12 trillion in global economic revenue, and support 22 million jobs worldwide driven by the digitalization of industries such as transportation, agriculture, and manufacturing.

Not everyone is convinced that these new attempts at delivering fixed wireless broadband will be a success. Lynnette Luna, principal analyst with GlobalData, told FierceWireless that Verizon needs to provide some clarity on its strategy. “They don’t want to deploy it in places with a lot of broadband competition so they look for markets where they have an advantage but I don’t understand their formula.” 

However, she added that she thinks it’s smart for Verizon to bundle the service with other things, in particular the demo access to Google Stadia, because it showcases one of 5G’s key use cases — cloud gaming.

Stay safe out there!


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

AT&T Still Trying BPL

Fresh off its dismantling of net neutrality and its drunken binge of bribing its staff, AT&T (T) has launched two field trials of its AirGig technology, fueling hopes it can gain broader acceptance of its version of the failed broadband over powerline (BPL) technology. The AirGig plan, as AT&T explained in 2016, is to use millimeter-wave radio signals (above 24 GHz) that travel along power lines. Radios on the power lines would regularly refresh the signal as it travels.

FierceTelecom reports that the first trial was with an electricity provider outside the U.S., and the second trial is underway with Georgia Power. Stopping short of revealing a service rollout plan, AT&T will take what it learns from the trials and continue to develop AirGig. Based on its evaluation of the current trials, AT&T will look at expanding more advanced BPL technology trials to other locations. AT&T told FierceTelecom that while “there’s no timeline yet for commercial deployment, we’re encouraged and excited by what we’ve seen so far.”

The telco is bullish on AirGig, touting its potential to deliver 1 Gbps speeds via a millimeter-wave signal guided by power lines. FierceTelecom says AT&T’s ultimate goal with AirGig is to accelerate broadband deployments.

While there have been plenty of BPL failures, AT&T claims AirGig is different. They say it is more efficient than earlier generations of BPL because it runs along, and not within, the medium-voltage power lines. That differs from earlier BPL technologies, whose signals traveled with the current.

In order to roll out Airgig, AT&T had to develop several new BPL innovations to distribute signals from the power lines to homes and businesses. AT&T labs developed a Radio Distributed Antenna System (RDAS), which uses low-cost plastic antennas, aka mmWave surface wave launchers, along with inductive power devices, which receive power without direct electrical connections (for simplified installation).

The RDAS will reconstruct signals from multi-gigabit mobile and fixed deployments. Those data signals are then transmitted using mmWave over power lines. The mmWave surface wave launchers are inductive power devices that create multi-gigabit signals that travel along or near the medium-voltage wire, not through it.

The data signal uses the existing pole infrastructure; its mostly line-of-sight wire paths act as a waveguide that channels the signal and improves transmission quality, according to Mark Evans, a director on AT&T’s AirGig team. A waveguide is a structure (like an electrical wire) that restricts how much waves can spread out over distance, thereby minimizing energy loss. AT&T radio technology engineer Peter Wolniansky explained in a demo that electromagnetic physics makes it work: “The signal energy clings like a glow to this wire, … It’s bound by Maxwell’s equations to stick to this wire.”

Millimeter waves are radio waves from 24-300 GHz. The benefit of using these high-frequency bands is access to high bandwidth, between 100-800 MHz, which is 20-100x more than today’s common cellular systems.

AT&T plans to put wireless stations periodically along the route to provide the last-mile connections. For that last communication link to a home or business, AT&T will use more conventional wireless equipment. Customers would use 5G CPE equipment to connect to the AirGig data flow. Once the CPE has received the signal, it can use Wi-Fi (802.11ad or 802.11ac) or an LTE femtocell unit to connect to the end users’ smartphones, tablets, laptops, televisions, autonomous vehicles or other IoT devices. CNET quotes Mark Evans, a director on AT&T’s AirGig team: “We’re aiming to be ready to deploy it commercially in the 2021 timeframe.”

CNET also quotes Gordon Mansfield, AT&T’s vice president of converged access and devices who says they are moving forward. He confirmed that AT&T has contracted with manufacturers to build more refined hardware for a new round of AirGig testing most likely in 2019.

A key part of the AirGig technology for AT&T is that it is easy to install. Antenna modules — AT&T calls them eggs — clamp in pairs on the power line, extending in each direction from the power pole. The devices can power themselves via inductive power devices without a direct electrical connection. The eggs configure themselves automatically, and early testing showed it takes people 10 minutes to hook up to the network, said AT&T Chief Technology Officer Andre Fuetsch.

rb-

Kudos to AT&T for trying to figure out how to get everybody else to do their work, just like Tom Sawyer.

AT&T can use the existing electrical right of way to bypass local municipality requirements, a long-running tactic of AT&T.

AT&T does not want to be in the business of connecting customers. They want to use the electric company’s infrastructure for free because fiber optic cable is expensive to bury underground or string along telephone poles.

AT&T will be using totally free unlicensed spectrum to sell access back to us at a huge profit.

They don’t even want to pay for electricity to run the equipment. They are using inductive power right off the mainline so it is not metered, which means everybody will have to pay.

 



Will Wi-Fi Be Secure This Time

One event at CES 2018 that was overlooked by many people was the Wi-Fi Alliance announcement of WPA3, a long overdue update to Wi-Fi Protected Access (WPA). It increases the strength of a security protocol that hasn’t been updated in 14 years.

The Wi-Fi Alliance says Wi-Fi carries more than half of the internet’s traffic, so improvements to WPA are good news. The WPA3 update is a response to the evolution of Wi-Fi usage and to WPA2 vulnerabilities. There are four improvements in WPA3 over the current standard (WPA2).

Stronger passwords

WPA3 gets a new layer of protection so its security is not contingent on passwords (as followers of the Bach Seat know, passwords suck). WPA3 is an improvement on WPA2’s largest vulnerability: the handshake in which the key is exchanged. KRACK (Key Reinstallation Attack) is a major vulnerability discovered in 2017 in WPA2 and WPA. It exploits the Wi-Fi handshake. KRACK allows attackers to snoop on encrypted data being transferred between computers and wireless access points (WAPs).

WPA2 uses a four-way handshake mechanism, starting with a nonce provided by the access point. Brute force “dictionary attacks” are the backbone of the KRACK attack. WPA3 implements Simultaneous Authentication of Equals (SAE), from IEEE 802.11s, to provide protection against this flaw. SAE is also known as the Dragonfly protocol. The Internet Engineering Task Force (IETF) describes Dragonfly as a protocol that “employs discrete logarithm cryptography to perform an efficient exchange in a way that performs mutual authentication using a password that is probably resistant to an offline dictionary attack.”

This improvement will offer better security even if poor passwords are used. The feature is very useful since we know that users have difficulty creating strong, hard-to-guess passwords. The Wi-Fi Alliance claims WPA3 makes it almost impossible to breach a Wi-Fi network using current dictionary and brute-force attacks. Mathy Vanhoef, the security researcher who discovered KRACK, appears very enthusiastic about the security improvements in WPA3.

Secure public Wi-Fi

WPA3-secured open networks will offer more privacy than ever before. Everything transmitted over today’s open Wi-Fi networks at airports, coffee shops, and libraries is sent in plain text that people can intercept. WPA3 will apply encryption to each user on the public Wi-Fi to eliminate clear text with “individualized data encryption”.

Malwarebytes Lab speculates that WPA3 will include Opportunistic Wireless Encryption (OWE). OWE enables connection on an open network without a shared and public Pre-Shared Key (PSK). That’s important because a PSK can give hackers easy access to the Traffic Encryption Keys (TEKs), allowing them access to a data stream. OWE performs a Diffie-Hellman key exchange during network sign-on and uses the resulting secret for the 4-way 802.11 handshake, instead of the shared, public PSK that can be easily exploited. With WPA3 it will be more difficult for people to snoop on your web browsing, without actually cracking the encryption, while you’re at Starbucks.
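To make the difference concrete, here is an added example (written for this post; it is not Wi-Fi Alliance, hostapd or vendor code) that models an OWE association in plain Python and contrasts it with the WPA2-Personal pre-shared key. Assumptions: the Diffie-Hellman group is the 1024-bit MODP prime transcribed from RFC 2409 group 2 (real OWE defaults to elliptic-curve group 19), the PMK derivation follows the HKDF structure of RFC 8110 as recalled here (salt = client public value | AP public value | group id, info string “OWE Key Generation”), and the “sniffer” view is just the two public values that travel in the association frames. The WPA2 PSK function is the standard IEEE 802.11i PBKDF2 derivation. SAE is not modelled.

```python
"""OWE: every client on an open network ends up with its own PMK, because the
key comes from an ephemeral Diffie-Hellman exchange rather than a shared
passphrase.  Added example; DH group and HKDF layout are assumptions noted
above."""
import hashlib
import hmac
import secrets

# RFC 2409 group 2 prime (1024-bit MODP, generator 2), transcribed for a
# self-contained demo; verify against the RFC before reusing it anywhere real.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
GROUP_ID = 2        # the group number is carried in the OWE element on air
PMK_LEN = 32        # 256-bit PMK


def _int_bytes(n: int) -> bytes:
    """Fixed-width big-endian encoding so both sides hash identical inputs."""
    return n.to_bytes((P.bit_length() + 7) // 8, "big")


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def dh_keypair() -> tuple:
    """Fresh ephemeral exponent per association; only the public value goes on air."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def owe_pmk(my_priv: int, peer_pub: int, client_pub: int, ap_pub: int) -> bytes:
    """PMK = HKDF-expand(HKDF-extract(C | A | group, z), "OWE Key Generation")
    where z is the DH shared secret and C, A the client's and AP's public values."""
    z = pow(peer_pub, my_priv, P)
    salt = _int_bytes(client_pub) + _int_bytes(ap_pub) + GROUP_ID.to_bytes(2, "big")
    prk = hkdf_extract(salt, _int_bytes(z))
    return hkdf_expand(prk, b"OWE Key Generation", PMK_LEN)


def owe_association() -> tuple:
    """One client associating to an OWE access point.  Returns the PMK each side
    computed plus the only values a passive sniffer on the open channel sees."""
    c_priv, c_pub = dh_keypair()
    a_priv, a_pub = dh_keypair()
    on_air = {"assoc_request_dh": c_pub, "assoc_response_dh": a_pub}
    client_pmk = owe_pmk(c_priv, a_pub, c_pub, a_pub)
    ap_pmk = owe_pmk(a_priv, c_pub, c_pub, a_pub)
    return client_pmk, ap_pmk, on_air


def wpa2_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK (IEEE 802.11i): PBKDF2-HMAC-SHA1 of the passphrase.
    Every client that knows the passphrase derives this same key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    pmk_c, pmk_a, seen = owe_association()
    pmk_c2, _, _ = owe_association()      # a second client on the same open SSID
    print("client and AP agree:", pmk_c == pmk_a)
    print("two clients share a PMK:", pmk_c == pmk_c2)
    print("what the sniffer saw:", sorted(seen))
    print("WPA2 PMK for 'password'/'IEEE':", wpa2_psk_pmk("password", "IEEE").hex())
```

The point the two derivations make side by side: with a PSK, the PMK is a pure function of the passphrase and SSID, so anyone who has the passphrase (the whole coffee shop, in the public Wi-Fi case) holds the same starting key; with OWE the PMK depends on an exponent each side generates and never transmits, so a passive listener on the open channel sees only the two public values and two clients never share a key.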

Stronger encryption

WPA3 will use stronger cryptographic algorithms. The new security protocol will use the Commercial National Security Algorithm (CNSA) 192-bit encryption mandated by the U.S. government for secure Wi-Fi networks. Experts speculate WPA3 will use a 48-bit initialization vector to support backward compatibility with WPA and WPA2. The 192-bit encryption will make WPA3 compliant with the highest security standards and fit for use in networks with the most stringent security requirements. (rb- Ironic – go to the CNSA site and get an invalid cert warning in Chrome.) The CNSS is part of the US National Security Agency.

Easier IoT security

The WPA3 update simplifies setting up secure Wi-Fi connections for devices that don’t have a graphical user interface. This is critical to securing the 30.7 billion IoT devices that will be on the network by 2020. The new protocol will add the Device Provisioning Protocol (DPP), which sets up a simple, secure and consistent method for securing devices with limited or no display. NetworkWorld reports that you will be able to tap a smartphone against a device or sensor and then provision the device on the network.

What happens to WPA2 devices

So far, most manufacturers have been quiet about legacy device support. We do know that future Wi-Fi certified WPA3 routers will be backward compatible to support WPA2. The question remains whether current WPA2 devices will be capable of connecting to WPA3.

WPA2 devices are not immediately obsolete. The Wi-Fi Alliance explained that current WPA2 devices will be able to connect with WPA3 hardware. The Alliance also announced that it will continue to do security tests on WPA2 to further protect wireless networks. WPA3 is not an immediate replacement for WPA2.

Even after you get a WPA3 enabled router, you’ll need WPA3 compatible client devices—your laptop, phone, refrigerator, security camera, industrial temperature sensor, or anything that connects to Wi-Fi—to fully take advantage of the WPA3 features. The good news is that shiny new router will accept both WPA2 and WPA3 connections at the same time.

Even when WPA3 is widespread, expect a long transition period where some devices are connecting to your router with WPA2 and others are connecting with WPA3. Once all your devices support WPA3, you should disable WPA2 connectivity on your router to improve security.
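The “disable WPA2 once everything supports WPA3” step is easy to forget on a router that has been in transition mode for a year, so here is an added example (written for this post, not hostapd’s own tooling) that audits a hostapd.conf for the leftovers. The three configurations are constructed samples: WPA2-only, WPA2/WPA3 transition mode, and WPA3-only. The hostapd option names used (wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise, ieee80211w, sae_password, wpa_passphrase) are real hostapd options; the SSID and passphrase are placeholders.

```python
"""Audit a hostapd.conf for WPA2-era settings that should go once every client
speaks WPA3.  Added example; the three configs below are constructed samples."""

WPA2_ONLY = """
interface=wlan0
ssid=BachSeat
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct-horse-battery-staple
rsn_pairwise=CCMP TKIP
ieee80211w=0
"""

TRANSITION = """
# WPA2/WPA3 transition mode: old clients use PSK, new ones use SAE
interface=wlan0
ssid=BachSeat
wpa=2
wpa_key_mgmt=WPA-PSK SAE
wpa_passphrase=correct-horse-battery-staple
sae_password=correct-horse-battery-staple
rsn_pairwise=CCMP
ieee80211w=1
"""

WPA3_ONLY = """
interface=wlan0
ssid=BachSeat
wpa=2
wpa_key_mgmt=SAE
sae_password=correct-horse-battery-staple
rsn_pairwise=CCMP
ieee80211w=2
"""


def parse_hostapd(text: str) -> dict:
    """hostapd syntax: key=value per line, '#' comments and blank lines ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(conf: dict) -> list:
    """Return findings; an empty list means WPA3-only with PMF required."""
    findings = []
    wpa = conf.get("wpa", "0")
    mgmt = set(conf.get("wpa_key_mgmt", "").split())
    ciphers = set(conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split())
    pmf = conf.get("ieee80211w", "0")

    if wpa in ("0", "1", "3"):
        findings.append("wpa=%s: WPA1/TKIP-era or no RSN; set wpa=2" % wpa)
    if "WPA-PSK" in mgmt:
        findings.append("WPA-PSK still accepted: the passphrase-derived PMK remains "
                        "exposed to offline guessing; drop it once all clients support SAE")
    if not mgmt & {"SAE", "OWE", "WPA-EAP-SUITE-B-192"}:
        findings.append("no WPA3 key management (SAE/OWE/Suite B) offered")
    if "TKIP" in ciphers:
        findings.append("TKIP cipher still allowed; use CCMP only")
    if pmf != "2":
        findings.append("ieee80211w=%s: management frame protection not required "
                        "(WPA3-only needs ieee80211w=2)" % pmf)
    if "SAE" in mgmt and "sae_password" not in conf:
        findings.append("SAE offered but no sae_password set")
    return findings


if __name__ == "__main__":
    for name, text in (("WPA2-only", WPA2_ONLY), ("transition", TRANSITION), ("WPA3-only", WPA3_ONLY)):
        print(name + ":", audit(parse_hostapd(text)) or ["clean"])
```

Run it against your own /etc/hostapd/hostapd.conf by reading the file into `parse_hostapd`; the transition-mode sample is the state most routers will sit in for years, and the audit keeps reminding you that WPA-PSK is still on and PMF is only optional until the last WPA2 client is gone.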

rb-

I am suspicious about the NSA link to the new WPA3 encryption. The NSA has introduced weaknesses in other encryption protocols.

Until we get our hands on real hardware, it is safe to speculate that, like all things Wi-Fi, backward compatibility will cost you performance. What impact will one legacy device have on the capabilities of the WAP? Have a pair and turn off 802.11, 802.11b, WEP, and WPA connections on your current router.

It’s about time to update WPA. But as the 802.11n process proved, if you want to get nothing done, turn it over to an industry consortium. Andy Patrizio at NetworkWorld explained that’s where standards go to die because everyone wants their IP used so they make money off every sale. The end result is nothing gets done.



MIMO Antennas Explained

Wave 2 of the IEEE 802.11ac Wi-Fi standard has been out for a while now. Wave 2 Wi-Fi can support speeds up to 2.3 Gbps. One of the techniques used to generate the increased speeds of 802.11ac networks is multiple spatial streams: several streams of the same Wi-Fi signal radiating out from several antennas. The multiple antennas are the most noticeable indicator that an access point is 802.11ac capable, especially in the consumer market.

Multiple-Input Multiple-Output

The technology behind using several antennas is called Multiple-Input Multiple-Output (MIMO). MIMO antennas have two or more antennas in a single physical package and are designed for use in IEEE 802.11n/ac Wi-Fi networks. MIMO makes antennas work smarter by utilizing multiple antennas to combine data streams arriving from different paths and at different times to increase data throughput and range compared to a single antenna using the same radio transmit power. By transmitting multiple data streams at the same time, wireless capacity is increased.

Additionally, MIMO antennas improve link reliability and experience less fading than a single-antenna system. MIMO antennas use spatial diversity technology, which puts surplus antennas to good use. When there are more antennas than spatial streams, the extra antennas can add receiver diversity and increase range.

Radio-wave multipath

MIMO technology takes advantage of a natural radio-wave phenomenon called multipath to improve wireless performance. In the past, multipath caused interference and slowed down wireless signals. With this iteration, Wi-Fi takes advantage of multipath. With multipath, transmitted information bounces off walls, ceilings, and other objects, reaching the receiving antenna multiple times via different angles and at slightly different times.

MIMO technology takes a single data stream and breaks it down into several separate data streams and sends it out over multiple antennas. This technique provides redundancy. The receiving MIMO antenna will “look” at each stream being sent to determine the strongest one to choose.

Legacy wireless devices use Single-Input Single-Output (SISO) technology. These devices cannot take advantage of multipath, and can only send or receive one spatial stream at a time.

802.11ac Wave 2 MIMO

A new version of MIMO has been developed. TechHive reports that multi-user multiple-input, multiple-output (MU-MIMO) technology enables APs to transmit and receive data from multiple Wi-Fi devices at the same time. Although the devices must also support MU-MIMO to utilize it, they aren’t required to have multiple antennas.

MU-MIMO was introduced with 802.11ac Wave 2. Wave 2 MU-MIMO support is required on both the access point and client device to work. It operates in the downstream direction, access point to the client, and allows an access point to transmit to multiple client devices simultaneously. This means networks with a dense number of users in an area, such as public Wi-Fi hotspots, could be able to handle more Wi-Fi devices.

TechHive warns the biggest caveat of MU-MIMO is it doesn’t directly improve the wireless speeds of uplink connections.

Only a handful meet the criteria today

It’s also important to note that the only way to gain the full benefit of MU-MIMO is when the technology is supported on both the access point and the device that’s connecting to the AP. So in addition to having an 802.11ac adapter onboard, the client must explicitly support MU-MIMO—there are only a handful of adapters that meet those criteria today.

Finally, TechHive says MU-MIMO works best with stationary Wi-Fi devices. If users are walking around while watching a video on a smartphone or tablet, they are not going to get the full benefit of MU-MIMO even if that device supports it. Your router might even limit that connection to using SU-MIMO, so that the connection doesn’t negatively impact stronger MU-MIMO connections.
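Because “more antennas” only pays off when both ends have them, here is an added example (written for this post; not TechHive’s or any vendor’s code) that computes the 802.11ac PHY rate from stream count, channel width and MCS, and then caps a link at the smaller of the AP’s and the client’s stream counts. Assumptions: data-subcarrier counts, the VHT MCS table and symbol times are from the 802.11ac spec as recalled here, and the short list of MCS/stream combinations the spec leaves undefined is reproduced only where the author is confident of it.

```python
"""802.11ac PHY data rate: N_ss * N_subcarriers * bits_per_subcarrier *
coding_rate / symbol_time.  Added example; tables transcribed from memory of
the 802.11ac VHT MCS table."""
from fractions import Fraction

DATA_SUBCARRIERS = {20: 52, 40: 108, 80: 234, 160: 468}   # per 802.11ac channel width
# VHT MCS index -> (bits per subcarrier per symbol, BCC coding rate)
VHT_MCS = {0: (1, Fraction(1, 2)), 1: (2, Fraction(1, 2)), 2: (2, Fraction(3, 4)),
           3: (4, Fraction(1, 2)), 4: (4, Fraction(3, 4)), 5: (6, Fraction(2, 3)),
           6: (6, Fraction(3, 4)), 7: (6, Fraction(5, 6)), 8: (8, Fraction(3, 4)),
           9: (8, Fraction(5, 6))}
SYMBOL_US = {False: Fraction(4), True: Fraction(36, 10)}  # long / short guard interval


def mcs_valid(n_ss: int, width: int, mcs: int) -> bool:
    """Combinations the spec leaves undefined (they do not yield a whole number
    of coded bits per symbol for the BCC encoders)."""
    if width == 20 and mcs == 9:
        return n_ss in (3, 6)
    if width == 80 and mcs == 6:
        return n_ss not in (3, 7)
    if width == 80 and mcs == 9:
        return n_ss != 6
    if width == 160 and mcs == 9:
        return n_ss != 3
    return True


def phy_rate_mbps(n_ss: int, width: int, mcs: int, short_gi: bool = False) -> float:
    """Peak PHY rate in Mbps for one link, rounded to 0.1 Mbps."""
    if not 1 <= n_ss <= 8 or width not in DATA_SUBCARRIERS or mcs not in VHT_MCS:
        raise ValueError("stream count, width or MCS out of range")
    if not mcs_valid(n_ss, width, mcs):
        raise ValueError("MCS %d with %d streams is not defined at %d MHz" % (mcs, n_ss, width))
    bits, coding = VHT_MCS[mcs]
    rate = Fraction(n_ss * DATA_SUBCARRIERS[width] * bits) * coding / SYMBOL_US[short_gi]
    return round(float(rate), 1)


def link_rate_mbps(ap_streams: int, client_streams: int, width: int, mcs: int,
                   short_gi: bool = False) -> float:
    """An AP can only send a client as many streams as the client can receive,
    so a 1-stream phone on a 4-stream AP gets the 1-stream rate."""
    return phy_rate_mbps(min(ap_streams, client_streams), width, mcs, short_gi)


if __name__ == "__main__":
    for n_ss in (1, 2, 3, 4):
        print("%d stream(s), 80 MHz, MCS 9, short GI: %.1f Mbps" % (n_ss, phy_rate_mbps(n_ss, 80, 9, True)))
    print("4x4 AP, 160 MHz, MCS 9, short GI:", phy_rate_mbps(4, 160, 9, True), "Mbps")
    print("same AP serving a 1-stream phone at 80 MHz:", link_rate_mbps(4, 1, 80, 9, True), "Mbps")
```

The familiar 433.3, 866.7, 1300 and 1733.3 Mbps figures fall out of the 80 MHz rows, and the 3466.7 Mbps headline for a four-stream 160 MHz AP shows how much of a “Wave 2” number is stream count; `link_rate_mbps` is the part to keep in mind when reading the marketing, since the client’s antenna count, not the AP’s, sets the ceiling for each link.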

rb-

The client issue is the main reason 802.11ac Wave 2 will not be widely used in the enterprise. It is a big job to keep the clients up to date to match the AP version. In fact, Zeus Kerravala at NetworkWorld points out that many of the high-volume manufacturers, such as Apple and Samsung, are skipping 802.11ac Wave 2 and plan to support IEEE 802.11ax in the future.

So skip Wave 2 devices in the enterprise and stick to an 802.11ac Wave 1 AP, and get exactly the same performance as its higher-priced Wave 2 counterpart.



Scary SS7 Flaw Strikes Banks

Lost in last month’s hubbub over WannaCry ransomware was the revelation that hackers had successfully exploited the SS7 “flaw” in January 2017. In May, reports surfaced that hackers were able to remotely pilfer German bank accounts by taking advantage of vulnerabilities in Signaling System 7 (SS7). SS7 is a standard that defines how the public phone system talks to itself to complete a phone call.

The high-tech heist was initially reported by the German newspaper Süddeutsche Zeitung (in German). The attack was a sophisticated operation that combined targeted phishing emails and SS7 exploits to bypass two-factor authentication (2FA) protection. This is the first publicly known exploit of SS7 to intercept two-factor authentication codes sent by a bank to confirm actions taken by online banking customers.

How hackers get in

According to Ars Technica, the attack began with traditional bank-fraud trojans. These trojans infect account holders’ computers and steal the passwords used to log in to bank accounts. From there, attackers could view account balances, but were prevented from making transfers without the one-time password the bank sent as a text message. After stealing the necessary login details via phishing emails, the perpetrators leveraged the SS7 flaw to intercept the associated mTAN (mobile transaction authentication number) codes sent to the victims — messages notifying them of account activity — to validate the transactions and remain hidden, investigators say.

German telecommunications giant O2-Telefonica confirmed details of the SS7-based cyberattacks to the newspaper. Ars says that in the past, attackers have obtained mTANs by obtaining a duplicate SIM card that allows them to take control of the bank customer’s phone number. SS7-facilitated compromises, by contrast, can be done remotely against a much larger number of phone numbers.

O2 Telefonica confirmed to Help Net Security that the attackers were able to gain access to the network of a foreign mobile network operator in January 2017. The attackers likely purchased access to the foreign telecommunications provider – this can apparently be done for less than 1,000 euros – and have set up a call and SMS forwarding.

Two-factor authentication

Two-factor authentication (2FA) is a security process in which the user provides two authentication factors to verify they are who they say they are. 2FA provides an extra layer of security and makes it harder for attackers to gain access to a person’s devices and online accounts, because knowing the victim’s password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users’ data from being accessed by hackers who have stolen a password database or used phishing campaigns to get users’ passwords.

News of the incident prompted widespread concern online. Security advocates railed against the popular and continuing use of text messages to authenticate account activity while growing evidence suggests that SS7 is an unsafe channel to deliver such data. Security experts told Ars that the same SS7-centric hacking techniques used against German banks will become increasingly prevalent in the future, forcing organizations to reconsider how they authenticate user activity.

The end of 2FA?

Cris Thomas, a strategist at Tenable Network Security warns in the article:

While this is not the end of 2FA, it may be the end of 2FA over SS7, which comprises a majority of 2FA systems … Vulnerabilities in SS7 and other cellular protocols aren’t new. They have been presented at security conferences for years … there are other more secure protocols available now that systems can switch to…

Cybersecurity researchers began issuing warnings about dangerous flaws in SS7 in late 2014. I wrote about the SS7 flaw in September of 2016 and in March 2017. Maybe this will be the wake-up call for the carriers. One industry insider quipped:

This latest attack serves as a warning to the mobile community about what is at stake if these loopholes aren’t closed … The industry at large needs to go beyond simple measures such as two-factor authentication, to protect mobile users and their data, and invest in more sophisticated mobile security.

SS7 allows voice networks to interoperate

In 2014 security researchers first demonstrated that SS7 could be exploited to track and eavesdrop on cell phones. This new attack is essentially a man-in-the-middle attack on cell phone communications. It exploits the lack of authentication in the communication protocols that run on top of SS7.

SS7 was developed in 1975; today, over 800 telecommunications companies around the world, including AT&T (T) and Verizon (VZ), use it. The technology has not kept up with modern times. In May 2017, Wired published an article that explains some of the ways to secure SS7. Overcoming SS7 insecurity requires implementing a series of firewalls and filters that can stop the attacks. Researchers Wired spoke to suggest that adding encryption to SS7 would shield network traffic from prying eyes and bolster authentication. Both of these changes are unpopular with the carriers because they cost money and can impact the network core, so don’t expect any network changes to address the SS7 flaw anytime soon.

The Register reports that the FCC’s Communications Security, Reliability and Interoperability Council found that the proposed replacement for SS7 on 5G networks, dubbed the Diameter protocol, has security holes too.

In March 2017, Oregon Sen. Ron Wyden and California Rep. Ted Lieu sent a letter to Homeland Security’s John Kelly requesting that DHS investigate and provide information about the impact of SS7 vulnerabilities to U.S. companies and governmental agencies. Kelly has not responded to the letter, according to the Wired article.

Of course, the TLAs would never use this “flaw” in SS7 to spy on us.

What can you do?

The Guardian says that given that the SS7 vulnerabilities reside on systems outside of your control, there is very little you can do to protect yourself beyond not using the services.

For text messages, they recommend avoiding SMS and instead using encrypted messaging services such as Apple’s (AAPL) iMessage, Facebook’s (FB) WhatsApp or the many others available, which let you send and receive instant messages without going through the SMS network, protecting your messages from surveillance.

For calls, the Guardian recommends using a service that carries voice over data and not through the voice network. This will help prevent your calls from being snooped on. Messaging services including WhatsApp permit calls. Silent Circle’s end-to-end encrypted Phone service or the open-source Signal app also allows secure voice communications.

Your location could be tracked at any time your mobile phone is on. The only way to avoid it is to turn off your phone or turn off its connection to the mobile phone network and rely on Wi-Fi instead.

