Power is the Dividing Line on Tablets

Tablets or pads have been an interesting new device category since Apple launched the first iPad back in April 2010. Many manufacturers have followed since then, mostly with Android as an OS, or Amazon with their pads designed primarily for reading books. And Microsoft is trying hard to launch a pad of their own in 2012. Their approach is radically different from that of Apple or Google, however. They are literally on the other side of the power divide. Let me explain:

The software used by Apple and Google for pads comes from the low end of computing, from smartphones. Smartphones are optimized for power consumption, they have a low power CPU, low power components, low power everything and from the outset, the operating systems were designed for that. There might have been more power optimized OSes out there such as Symbian, but nevertheless, I would dare to say that iOS and Android were specifically built from scratch to adapt to this environment. No legacy baggage and apps are trailing behind even though they are built with operating system kernels once designed for the desktop PC, e.g. Linux in the case of Android. But the kernels were shrunk, unnecessary parts removed, the graphics subsystem designed from scratch, etc. It was these operating systems which were then subsequently used as the basis for pads.

From a user's point of view, the user interface on smartphones and pads running the same operating system looks pretty similar and apps written in a sensible way to adapt to different screen sizes run on both types of devices without modification. Pads might have the screen size of netbooks or even small notebooks but they have to be light, which severely limits battery capacity. Consequently the processors used in tablets are more or less the same as those in smartphones. And it shows when the processor is asked to do complex tasks such as rendering graphics intensive web pages with lots of Flash included. Such web pages are rendered more slowly than on a PC and scrolling is not as smooth. Sure, you could put in a faster processor but that would come at the expense of how long the device will run on a single battery charge. And, also not to be underestimated, when power consumption rises, so does the heat generated, which is immediately noticed negatively by the user. So it's a compromise which works well in most cases but here's the dividing line to netbooks and notebooks and their operating systems: Power.

Now back to Microsoft: They are trying something different here, which is a good thing as more of the same probably won't work for them; the competition has already been there for two years and has a massive lead. What Microsoft is trying to do is to scale down their Windows OS to run on the ARM platform. And more than that, they want their Office Suite and other desktop programs to run on ARM as well. Great, get an additional Bluetooth keyboard and you've got a replacement for your notebook!? I remain skeptical that it will work out like that anytime soon for a number of reasons: First, there is the power divide again. Office runs more or less smoothly on high power Intel platforms but how will it perform on a platform that has only a fraction of that processing power by design to conserve power? Secondly, it's a question of the user interface: On a tablet, I like big buttons so I can hit them reliably with a finger. Also I like an app to use as much of the display as possible because while I still multitask on a tablet it is much more limited compared to a PC where I have a keyboard and a mouse and tend to be more in creative mode rather than consuming mode. In creative mode I like a taskbar so I can switch between many applications instantly without holding a menu button for a second, etc. I also like small buttons because sometimes I have several windows open on a small screen and that only works if the applications can run in smaller windows. And with a mouse, that's not a problem, it's an advantage. So a tablet user interface for consumption is very different from an interface for creation.

Microsoft is addressing both things. The link above describes in detail how they are working on the power consumption. And with their consumption focused tile UI first introduced with Windows Mobile, whether you like the design or not, which is intended to run alongside the traditional user interface in Windows 8 on the PC (and tablet) as well, that is taken care of, too. iOS and Android don't have that so far, they are coming from a different direction. So how well will this work for Microsoft? I think there is a certain appeal to replace a netbook with a tablet + keyboard + mouse but only if the UI is right for creation in multitasking mode. Good, that is covered. So it ultimately boils down to power consumption vs. processor speed. I am not sure there is a sweet spot there yet that will ultimately satisfy those who want to use a pad for more than just with their fingers to consume information. Eventually it will come even if it takes some more years until power consumption is further optimized. And I'm pretty sure that by then others will have a UI as well to address those who need a keyboard, creative multitasking and a mouse.

So where does this leave Windows Mobile? For the moment, as far as I can tell that OS is pretty much developed and evolved on its own on the other side of the power divide. With Windows on ARM, Microsoft pretty much says that it will not attempt to jump over to a tablet with Windows Phone. Seems to be a lonely life down there and perhaps a short one should Microsoft succeed and shrink their Windows kernel to run on tablets. After all, it's the same processors running on tablets and smartphones.

CS-Fallback – An Introduction

One approach to deploying LTE without packet switched voice call functionality at the beginning is to instruct mobile devices to use a 2G or 3G network when the user makes or receives a voice call and return to LTE afterwards. This solution is referred to as CS fallback and has been specified in 3GPP TS 23.272. As it's likely that it will be deployed over time in quite a number of networks and used over many years, I thought I'd once again have a closer look at the specs and write a little primer about it. A little warning: This is somewhat of a propeller head post which requires some background knowledge on the circuit switched core network of GSM and UMTS and how LTE works.

SGs, a new interface between the circuit switched core and the LTE network

In principle CS fallback connects the Mobile Switching Center to the LTE Mobility Management Entity (MME) via the new SGs interface. The name and functionality of this interface are similar to the already existing optional Gs interface between an MSC and a 2G or 3G SGSN. In some networks this interface is used for paging and location updating synchronization between the circuit switched and packet switched core network to reduce the signaling load and, in case of GSM, to be able to signal an incoming voice call to a mobile device that is currently busy on the packet switched side.

Preparations

When a mobile device is CS fallback capable it initially performs a combined CS+PS attach to the LTE network. This informs the network that the mobile device wants to use circuit switched services in addition to IP based services over the LTE network and is capable of falling back to a 2G or 3G network for incoming and outgoing voice calls. The MME then performs a location update on behalf of the mobile device over the SGs interface with the Mobile Switching Center and the HSS. This MSC is referred to as the SGs MSC below to distinguish it from other MSCs that might also become involved during the CS-fallback procedure. If successful it signals to the mobile device that it has been registered in the circuit switched network as well and that incoming calls will be signaled to it.

Incoming Calls – Mobile Terminated Calls

When an incoming call for the subscriber arrives at the Gateway-MSC, the HSS is interrogated for the location of the subscriber. The HSS then returns the information to the G-MSC that the subscriber is currently served by the SGs MSC. The call is then forwarded to the SGs MSC. The SGs MSC will then send a paging message over the SGs interface to the MME which will in turn inform the mobile device and require it to leave the LTE network to accept the incoming voice call in a 2G or 3G cell. The mobile device will then do as instructed and start communication over a GSM or UMTS cell.

Moving from one radio technology to another can be done in several ways. The basic scenario is a redirect in which the network gives the mobile device an instruction to select a different radio network. The instruction can contain information about the target cells to reduce the time it takes the device to find a suitable cell and establish communication. In a more advanced scenario, a full Inter-radio access technology (IRAT) packet switched domain handover from LTE to UMTS or GSM is performed which is prepared in the network and thus the interruption time is lower. In this scenario, the network can instruct the mobile device to perform radio measurements. The results of those measurements are then used by the network to select a suitable target cell and give the mobile device precise instructions of how to quickly get to this cell to minimize the handover time.

The thing with the location area

If the GSM or UMTS cell is in a location area that is different from that in which the mobile device is currently registered, a circuit switched location update procedure is required before the call can be forwarded. This could be the case, for example, if the SGs MSC connected to the MME is not controlling the GSM or UMTS cell to which the UE is transferred. This could happen in case the mobile device has selected a cell other than the one intended by the network, e.g. in areas with a location area border, or in case only a single MSC is SGs capable and hence acts as a mere relay for signaling messages rather than a switching center to which cells are directly connected.

In case of UMTS or GSM Dual Transfer Mode, the packet switched context can also be moved so any packet switched communication can continue while the voice call is ongoing. This is important, for example, so email push and other applications can continue running in the background while the voice call is ongoing. Also, this allows users to continue using other web based applications during the phone call, e.g. searching for some information on the web during the call, etc.

In case the SGs MSC does not control the 2G or 3G cell it is necessary that the SGs MSC redirects the voice path that has been established between the Gateway-MSC and itself to the MSC controlling the cell. This is done with the help of the location update procedure which is invoked as described above. Part of the location update procedure is to inform the Home Subscriber Server (HSS) of the change in location. The HSS in turn informs the SGs MSC that the subscriber has changed the MSC area. The SGs MSC then informs the Gateway MSC of this change with a ‘roaming retry’ message as specified in 3GPP TS 23.018. The Gateway MSC then removes the speech path to the SGs MSC and establishes a new link to the new serving MSC. What I'm not quite sure about is whether the roaming retry is actually used today in practice for other purposes already. If you have some details about this, I'd be quite interested.

If a location update was necessary the mobile terminated call is delivered immediately after the procedure has finished. To make the MSC aware that a circuit switched call is waiting for the mobile device after the location update it includes a CS-fallback (CSMT) flag in the location update message. This flag allows the MSC to link the location update and the call delivered by the Gateway MSC. In case no location update is required, the mobile sends a paging response message to the MSC, which has the advantage that the call can be established more quickly.
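The mobile terminated flow described above can be written down as a small decision model. This is an added sketch, not code from the original post or from the 3GPP specifications: the message labels paraphrase the text, and `Cell`, `Subscriber`, `mt_call_flow` and the LA/MSC identifiers are constructed for illustration. It assumes a location area belongs to exactly one MSC and that the HSS is only involved when the serving MSC changes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cell:
    rat: str            # "GSM" or "UMTS"
    location_area: str  # constructed label, e.g. "LA-1"
    msc: str            # MSC controlling this cell


@dataclass(frozen=True)
class Subscriber:
    registered_la: str  # location area registered during the combined attach
    sgs_msc: str        # MSC connected to the MME over the SGs interface


def mt_call_flow(sub: Subscriber, target: Cell) -> list[tuple[str, str, str]]:
    """Return ordered (sender, receiver, message) steps for one incoming call."""
    steps = [
        ("G-MSC", "HSS", "interrogate subscriber location"),
        ("HSS", "G-MSC", "subscriber served by " + sub.sgs_msc),
        ("G-MSC", sub.sgs_msc, "forward call"),
        (sub.sgs_msc, "MME", "paging over SGs"),
        ("MME", "UE", "incoming CS call, leave LTE"),
        ("UE", target.rat, "select cell in " + target.location_area),
    ]
    if target.location_area == sub.registered_la:
        # Same location area: a paging response is enough, which is the
        # quicker of the two cases described in the text.
        steps.append(("UE", target.msc, "paging response"))
    else:
        # Different location area: a location update is required first. The
        # CSMT flag lets the MSC link the update to the waiting call.
        steps.append(("UE", target.msc, "location update with CSMT flag"))
        if target.msc != sub.sgs_msc:
            # The SGs MSC does not control the cell, so the speech path that
            # ends at the SGs MSC has to be moved with a roaming retry.
            steps.append((target.msc, "HSS", "update location"))
            steps.append(("HSS", sub.sgs_msc, "subscriber changed MSC area"))
            steps.append((sub.sgs_msc, "G-MSC", "roaming retry"))
            steps.append(("G-MSC", sub.sgs_msc, "remove speech path"))
            steps.append(("G-MSC", target.msc, "establish speech path"))
    steps.append((target.msc, "UE", "deliver call"))
    return steps


if __name__ == "__main__":
    sub = Subscriber(registered_la="LA-1", sgs_msc="MSC-A")
    scenarios = {
        "same location area": Cell("UMTS", "LA-1", "MSC-A"),
        "new location area, same MSC": Cell("GSM", "LA-2", "MSC-A"),
        "new location area, other MSC": Cell("GSM", "LA-9", "MSC-B"),
    }
    for name, cell in scenarios.items():
        print("--", name)
        for sender, receiver, message in mt_call_flow(sub, cell):
            print(f"   {sender:>6} -> {receiver:<6} {message}")
```

Running it prints the three cases side by side, which makes visible how many extra signaling steps the location update and the roaming retry add before the call is delivered.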

Outgoing Calls – Mobile Originated Calls

When the user initiates a mobile originated call, the mobile device contacts the network with an Extended Service Request message which contains a CS fallback indicator. The network then decides based on its capabilities and that of the mobile device to either perform:

  • A packet switched handover to a GSM or UMTS cell, which is the fastest way to move the mobile device to a radio infrastructure from which the circuit switched call can be initiated.
  • An RRC release with redirect to GSM or UMTS, optionally with information about possible target cells to decrease the time necessary to find the cell. This is somewhat slower than a handover as the mobile device is required to reestablish contact to the UMTS network on its own without help of the LTE network.
  • An inter-RAT cell change order to GSM. Optionally, the network can include information on potential GSM cells in the area (Network Assisted Cell Change, NACC).

Contacting the network prior to leaving the LTE network is necessary so the mobile device’s context in the LTE base station (eNodeB) can be deleted and to get additional information on potential target cells to speed up the process.

Supplementary Services

The fallback mechanism to GSM or UMTS is also used for supplementary services based on Unstructured Supplementary Service Data (USSD) messages which are used for modifying parameters such as call forwarding settings, or querying the amount of money left on a prepaid account.

SMS Messages

Delivery of SMS messages, however, does not require a fallback to a GSM or UMTS network. This is because SMS messaging is not based on USSD and is not a service implemented in the MSC. Instead, the SGs MSC can forward an SMS message it has received from the SMS Service Center (SMSC) to the MME via the SGs interface. The MME will then deliver it to the mobile device via MME to mobile device signaling messages that are transparent to the eNodeB. Mobile originated SMS messages can be delivered in the same way in the other direction.

International Roaming

As CS fallback is not a Voice over IP technology, it is likely that it will mostly be used in LTE networks before VOLTE becomes available. Furthermore, CS fallback can be used as a backup solution in roaming scenarios in which voice capable LTE devices are roaming in a foreign LTE network in which VOLTE is not available or in case no roaming agreement is in place for IMS voice services.

Pros and Cons of CS fallback

The main advantage of CS fallback is that it will enable network operators and device manufacturers to introduce LTE devices with a single cellular radio chip before VOLTE becomes available and networks are deployed widely enough to prevent having to hand over the call to UMTS or GSM too often (how that is done is another story).

The downside of the approach is the increased call setup time required due to the change of the access network and the potential location update procedure that is required in case the new cell is in a different location area before the normal call establishment signaling can proceed. For LTE to LTE CS fallback voice calls, the extra call establishment delay is even doubled. In other words, the extra call establishment time is likely to be noticed by the customer who expects new technologies to work better than the previous ones and not worse.

Alternatives

An alternative to CS fallback is to use dual radio mobile devices that use LTE for data only while it is available and a legacy network for voice calls and also for data once the user roams out of the LTE coverage area. Verizon, for example, is doing this today, perhaps because it was one of the first LTE networks and needed LTE capable mobile devices including voice early on to relieve the strain on its aging CDMA network. If this approach works well enough they just might hold on long enough until their LTE network is dense enough to introduce VOLTE and skip CS fallback altogether.

For UMTS network operators, however, there is little incentive at the moment to go to dual radio devices as they still have ample data capacity in their UMTS networks. As a consequence, they have launched their LTE networks mostly with data only devices. For them, CS fallback might be the better alternative unless the additional call setup delay time becomes annoying. There are several deployment options that influence the additional time required to set-up the call so it's going to be interesting who will do what to reduce the delay.

Summary

CS fallback sounds easy but from the description above I think it is quite clear that it is not quite that. A new interface to be implemented in the MSC software and the MME, the use of roaming retry functionality that is not used so far (please correct me if I'm wrong) and the new CS fallback flag in the location update message will keep network and device engineers busy for a while. A lot of effort for a "temporary" solution.

Youtube Data Rates To Smartphones

Back in December I reported on some tests I ran to determine the data rates used by Youtube for streaming videos at different resolutions. The result was that a 30 second input file generated with a Nokia N8 of around 45 MB in 720p quality was converted by Youtube into a 2.7 MBit/s stream (23 MB total) for a 720p HD stream and to a 1.2 MBit/s stream for the 480p resolution. At the time I assumed that those streams are also used on mobile devices, especially for the new smartphones with a dedicated Youtube client that offer a quite nice looking "HQ" streaming from Youtube.

Recently I revisited the topic and decided that seeing is better than believing and to trace what was actually going on. To see how the videos are requested I used a Wi-Fi access point and a PC as a gateway to the Internet on which I could run Wireshark to see what is going on. I used three Android based smartphones from three different manufacturers which each had the Google Youtube client installed by default. All of them took the "HQ" (note it's not "HD", it's "HQ", a fine difference…) version of my original video which actually turned out to be in a resolution of 640×360 pixel (i.e. 360p), which is lower than the standard quality for the PC which is 480p. At 30 frames per second the video is streamed at 0.7 MBit/s which translates into about 2.7 MB of data for a 30 second video clip.

By the way: This version of the video can be watched on the PC as well, e.g. with VLC. With Wireshark, the URL of the stream can be copied and pasted over to the web browser which will then download the stream into a file. That file can then be played back and examined with VLC.

0.7 MBit/s is roughly half of the streaming rate of the standard PC resolution and much easier to achieve in live networks under less than ideal coverage conditions compared to the standard or HD resolution streams. Nevertheless, the videos still look very good, even if they need to be upscaled a little bit for current smartphone displays. The Samsung Galaxy S and S-II for example have a screen resolution of 800×480 pixel, almost big enough for the standard Youtube PC resolution of 854×480 pixel.

 

I Am Ready For A New Netbook But…

… they are not much better than the one I currently have that is three years old. Can it really be, three years is an eternity in computing!? Look what happened in the mobile domain in the last three years and compare.

Whenever I look at the latest netbook models, they still have a slow Atom processor with a built in slow graphics adapter. I don't mind that the 1GB of RAM hasn't advanced, my Ubuntu is quite happy with that. But I'd really like the CPU and graphics to be a bit faster. Three years is a long time for things not to improve all that much.

True, Ultrabooks are coming to the market now so perhaps they are something for me. One thing I have second thoughts about is how I can replace the built in battery myself. On all of my previous notebooks and netbooks the battery had to be replaced after a year or a year and a half as its capacity was no longer sufficient for my use. Also, more than 11" is no good for me either, it just has to be that small so I can work with it in the train. Any more and it stays in the bag.

My Changing Needs for Connectivity

Perhaps it's because I am getting older, I'm not sure, but my needs for and use of connectivity have notably changed. Not that I've changed my mind on wanting network coverage wherever I go, no, it's what I want it for that has changed over time. I can still remember the early days of wireless when I had a mobile phone and took it everywhere so I could be reached anytime. Once Internet access went mobile, that was extended by the desire to be reachable by email and other services at any time as well.

Fast forward to 2012 and I see a remarkable difference. Today, I no longer have the desire to be reachable anywhere and anytime. For phone calls and SMS messages I have filters. If I want to be undisturbed, I activate the filter and restrict the audible indication of phone calls and SMS messages to a few persons for which I really want to be reachable at any time. Other incoming stuff can be dealt with later. Same thing with emails.

Unlike other people I don't have a bad conscience when somebody asks me why I wasn't reachable to say that I was busy. There were times when the email client on the phone ran 24/7. Perhaps spam and emails not requiring an instant answer have worn me out a bit over time. Today, I stop the email client on the phone regularly because I don't want those beeps every so often to interrupt what I'm doing or thinking about.

[There, it beeped for an incoming email just while I was typing this sentence and I'm suppressing the urge to read it. I should have turned on the filter before starting this post…].

It wouldn't help to carry two devices, one for business and one for private communication. In effect, it would just double my work. On both I would again need the filters because even when I am in the office I don't want to be reachable all the time. Ringing or beeping devices in meetings, no thank you. A filter for silent indication of incoming stuff, well, I do go that far and if it's a general meeting in which I do not have a stake in all topics discussed I even text under the table every once in a while.

On the other hand I like having access to information at a moment's notice. Being able to search for some piece of information instantly to help me with what I'm doing at the moment, browse through Wikipedia, read the news on my favorite web sites, follow the blogs on my RSS streams whenever I wish no matter where I am, that's where my desire for always-on connectivity comes from these days.

Sure it's also great that I can contact other people whenever I want, but I try not to be disappointed if I don't reach them right away. After all, don't they have a smartphone? Yes, double standards, but I'm working on it 🙂 So I've stopped asking people why they were not reachable or more or less unconsciously try to make them feel guilty by telling them that I failed to reach them before. Connectivity everywhere is misunderstood by many as reachability everywhere.

[An incoming phone call has interrupted me and I took the opportunity to read the email that came in a couple of minutes ago as well. The urge is strong].

I have also found a renewed love for fixed line numbers. Yes, those numbers that connect to phones that are tied to the wall with a cable or are cordless at most with coverage ending a few meters after the doorstep. While it is convenient for many things to reach people when they are not at home, I sometimes want to explicitly reach people only when they are at home and have time to talk. Yes, I know I could text them in such a case to let them know I want to talk with them when it's convenient, but it's not the same thing.

You've detected some inconsistencies in this post? Yes, it's a complicated topic…

In other words my network coverage needs have changed from being for "reach-in" to being for "reach-out".

Free – First Contact

Last week I was in France for the first time this year, at the lovely but icy cold Côte d'Azur. To my surprise, the new network operator "Free" who has just recently launched their own network in France was already there, even in snowy Sophia-Antipolis. 208 15 is their Mobile Country Code / Mobile Network code shown on older devices that were built before they registered their name in the SE.13 network name database. I couldn't roam into their network yet, but that is not very surprising given that they just launched less than a month ago.

And it seems their launch has brought quite some movement into the sleepy French mobile network landscape. With only three networks present, competition was relaxed and resulted in high prices. Free changed all that and for 20 euros a month, users can get an all you can eat unlimited calls and texts + 3GB of mobile data a month, finally bringing the country on par with prices in many other European countries.

The French are quite interested and there are reports that in the first month, Free has likely gathered over one million subscribers and mobile number portings are well beyond 40.000 a day, the maximum capacity the system was designed for. I'm a Bouygues customer and last week I received an interesting eMail from them informing me that, oh by the way, Free is not so special as everybody thinks, as Bouygues also has a 20 euro a month all you can eat plan, available on their website. And, it was stressed, it had that long before Free launched. Interesting, it must have been very well hidden on their website, I never saw it. But o.k. the eMail alone is quite telling.

In other countries, regulators are not faced with competition springing up but rather with networks trying to merge. Regulators have rejected such approaches recently in Switzerland and just lately in Greece. Rumors or deals in other countries, however, continue to spring up. Let's hope regulators take the time to have a closer look at countries such as France to see what the difference is between a three and a four network operator landscape. From a consumer point of view, the choice is simple and pretty much irreversible. If two network operators are allowed to merge, infrastructure goes away and is unlikely to be built again by another contender anytime soon.

42 MBit/s Smartphones Are Great, But Not Because of Their Top Speed

The first HSPA+ dual carrier smartphones are on the market now and I can already imagine how they will be marketed: It can do 42 MBit/s! That's easy for the press but it completely misses the point.

It's not the theoretical top speed that will make these phones better for users than their current models but their ability to bundle two 5 MHz carriers. While this allows for the theoretical 42 MBit/s top speed, the real sweet thing about this is that it also doubles cell edge performance. Here, the signal strength is low, interference is high and as a consequence, data rates are much lower than closer to the cell tower. Having the ability to bundle two channels in effect doubles the data rate in many places with a weak signal and high interference and that will be noticeable to users.

Another benefit not to be underestimated: Dual-carrier chips usually come with sophisticated interference cancellation technologies and perhaps even two antennas for diversity. This again will do wonders in areas where the neighbor cells and even data sent to other users from the local cell create interference.

Networks will be happy about such devices, too, as the 64-QAM modulation and interference cancellation technologies will implicitly increase overall network capacity as data can be sent to such mobiles in much less time than to non HSPA+ devices. In other words, more time is left to communicate with other devices.

Let's see if the mainstream press will take note of this at some point.

Interesting Data Usage Stats for 31st December 2011

Teltarif has recently reported (in German) some figures on fixed and mobile network usage in Germany on the 31st December 2011 which are interesting to play around with a bit. The article says that the Vodafone Germany network has transported 25 million megabytes between 8pm and 3am the other morning, i.e. in 7 hours.

Let's say that during that time the data rate on the interfaces to the rest of the Internet was more or less the same, what's the throughput during that time with this number? Here's the math:

  • 25.000.000 megabytes = 25.000 gigabytes (SI prefix system with 1 GB = 1000 MB)
  • 25.000 GB * 8 = 200.000 gigabits
  • 200.000 gigabits / (7 hours * 60 minutes *60 seconds) = 7,93 GBit/s

7,93 GBit/s is quite an impressive number, that's (7,93 GBit/s * 60 seconds * 60 minutes) / 8 bytes = 3.5 terabytes per hour of data transferred.

Let's just assume for a second the data rate would always be that high, which is likely not the case since this is a high load scenario, but just for the fun of doing it and comparing it to something else I have in mind the amount of data transferred per day would look like this:

  • 3.5 TB/h * 24h  = 84 TB per day

Again a high number, but already back in 2010, 3UK reported that they shuffle 100 TB a day through their network. The numbers are in the same ballpark coming from different network operators which helps to ascertain that at least the order of magnitude is correct (I'm always a bit cautious with such reports as they don't contain a lot of detail how and what exactly was measured and went through legal and public relation "washing machines" for a while). What's a bit odd is that Vodafone Germany has around 36 million customers in Germany while 3UK has around 7 million.

I would have expected that Vodafone's number is actually higher, especially as their number was not an average but during a peak load scenario while 3's number sounds like a daily average. So assuming the numbers are correct, perhaps the difference is due to pricing!? 3UK offers data very cheaply on prepaid and in very high quantities (15GB for around 18 euros and it's possible to top-up again once the limit has been reached). Vodafone Germany is not quite at this point yet (5 GB for around 24 euros). I don't have numbers on this, so this part is pure speculation.

Despite the difference in customers, however, the number of base station sites seems to be similar with 3UK saying they have about 12.000 and Vodafone Germany saying they have about 13.000 (the number is from 2009, they probably have added some more in the meantime).

Why the US Needs LTE Smartphones in 2012 and Why They are Not Needed and Wanted in Europe

The CES 2012 has come and gone and I am quite amazed about the kind of spin even some technically sound German tech websites (here and here) have put on US LTE smartphones and why we are not seeing them over here in Europe. Their spin is that the US is far advanced with their LTE smartphones and Europe is lagging behind. Actually it's quite the other way around if you don't let yourself be blinded by the words LTE and 4G. Here's why:

In the US, carriers like Verizon and Sprint have a problem with their CDMA networks: They are quite limited in terms of performance and capacity in their current deployment state to a few hundred kilobits up to perhaps a megabit or two per second per user. The development on this radio technology has come to an end, quite in contrast to W-CDMA (UMTS) which goes from strength to strength with its HSPA evolution path. Verizon's and Sprint's networks have become crowded and they had to resort to introducing LTE as quickly as possible to get further capacity and also higher speeds per user. The downside of this is that current Verizon phones run two radio chips simultaneously, one for LTE data and one for CDMA over which voice services are handled. As a result the smartphones are bulky and battery performance is an issue. For details see here.

AT&T is in a slightly better position with their HSPA network as they could build out their network to perform well and offer sufficient capacity. It would spare them the trouble of dual radio devices and the issues described above by going along this route for smartphones. AT&T may opt for CS-Fallback for voice instead of dual radio but the downside of that would be significantly longer call establishment times and higher call setup failure rates (at least by European standards). So they could do the smart thing and use LTE for dongles, tablets and other non-voice devices for the moment. But it seems everything that is not LTE these days in the US is seen as inferior by the public and it's difficult to market around it. It's true, LTE is superior for pure data services on a 20 MHz carrier (only used in Europe for the moment) but not with the 10 MHz LTE carriers used in the US and not for smartphones where a quick and reliable voice service is still important.

Let's have a look at Europe. It is true that in most countries, LTE is not yet deployed. There are some exceptions, notably the Nordic countries and Germany. But here, the choice of all network operators has been to focus on data only devices for LTE. With the introduction of HSPA+ and data rates well in the 30 MBit/s range in unloaded cells when HSPA+ with dual carrier is used, the technology can deliver at least as good a throughput as 10 MHz LTE deployments. In addition, voice service is integrated, which means there is no need for bulky dual radio smartphones and no CS fallback ruining your call setup performance. While AT&T's HSPA network is under constant criticism, HSPA networks over here perform well and there are no signs that this will change anytime soon. So offloading the dongle users, who use much more data than smartphone users anyway, to LTE and keeping the smartphones on the evolving HSPA network is the much smarter choice. And by the way HSPA+ networks are still assumed to be 3G over here in Europe and don't have to be marketed as 4G like in the US.

I can see why the mainstream press is easily fooled by terms such as 4G and LTE which are newer than 3G and UMTS but for smartphones, well built UMTS networks continue to outperform LTE on smartphones. Don't get me wrong, there's nothing wrong with LTE, it's a great technology, but until the voice issue is solved in one way or another it just doesn't make sense for smartphones.

The more time that passes by the more it seems likely to me that dual radio smartphones will shrink in size and the power consumption overhead by dual radio diminishes. Once those two values are right it might be just another solution to the voice problem, even for European operators and users.

Wi-Fi Protected Setup (WPS) Insecurities

At the end of 2011, Stefan Viehböck published a paper on the insecurity of the Wi-Fi Protected Setup (WPS) protocol and how implementation flaws make it even worse. With code to exploit these weaknesses now in the public domain, WPS enabled routers are easily crackable under certain circumstances that seem to be widespread. There's lots of information on this to be found on the web in the meantime and since I think this is an issue not to be underestimated if your neighbors have kids who spend their afternoons with the latest hacker tools I thought it was time to learn a bit more about it and collect some sources for further reading. Here's the result:

The initial weakness found was that many routers on the market today have WPS activated by default with a PIN printed on the device and allow an unlimited number of WPS pairing attempts. Due to the length of the WPS PIN, a brute force attack on the system is successful within a few hours. This is what was discovered by Stefan and described here, with a Wikipedia entry here and a US CERT vulnerability note here.

If a router implements WPS in this faulty way the only solution is to turn WPS off, hope for a software update in the future and for the moment rely on the WPA-PSK password authentication scheme, which is just as simple to use and much more secure anyway. As it turns out, there are products out there where WPS can't be switched off at all, or, what's even worse, where the Web GUI has an option to turn it off but it remains active nevertheless.

Better WPS implementations have a safeguard against this by:

  • limiting the number of attempts that can be made before WPS pairing is blocked for some time
  • using a different PIN for every pairing attempt
  • limiting the pairing time to two minutes
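To show what the first safeguard buys, here is a small model of an access point that blocks WPS pairing after a few wrong PINs, plus the resulting worst-case time to try every PIN. This is an added example, not code from the original post or from any router vendor; the class and function names, the 3 attempts / 60 seconds policy and the 1 second per attempt are assumptions, and the 11,000 figure is the search space given in Viehböck's paper, where the two PIN halves are confirmed separately.

```python
"""Added example: AP-side WPS lockout and its effect on worst-case PIN exhaustion."""

PIN_SPACE_PAGE = 10**7           # 7 free digits; the 8th is a checksum (per the page)
PIN_SPACE_SPLIT = 10**4 + 10**3  # PIN halves confirmed separately (Viehböck's paper)


class WpsLockout:
    """Blocks WPS pairing for lockout_secs after max_failures wrong PINs (assumed policy)."""

    def __init__(self, pin, max_failures=3, lockout_secs=60):
        self.pin = pin
        self.max_failures = max_failures
        self.lockout_secs = lockout_secs
        self.failures = 0
        self.locked_until = 0.0

    def try_pin(self, candidate, now):
        """Return 'locked', 'fail' or 'ok' for an attempt made at time now (seconds)."""
        if now < self.locked_until:
            return "locked"          # even the correct PIN is refused while blocked
        if candidate == self.pin:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.failures = 0
            self.locked_until = now + self.lockout_secs
        return "fail"


def worst_case_hours(pin_space, secs_per_attempt, max_failures=None, lockout_secs=0):
    """Hours needed to try every PIN when the correct one is the last candidate."""
    lockouts = (pin_space - 1) // max_failures if max_failures else 0
    return (pin_space * secs_per_attempt + lockouts * lockout_secs) / 3600


if __name__ == "__main__":
    # 1 second per attempt is an assumed round figure, not a measurement.
    for label, space in (("split halves", PIN_SPACE_SPLIT), ("7 digits", PIN_SPACE_PAGE)):
        open_ap = worst_case_hours(space, 1.0)
        limited = worst_case_hours(space, 1.0, max_failures=3, lockout_secs=60)
        print(f"{label}: no lockout {open_ap:.1f} h, 3 tries then 60 s block {limited:.1f} h")
```

With these assumed values the lockout stretches the worst case from about 3 hours to about 64 hours, so it slows the attack rather than preventing it.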

Unfortunately that does not solve the whole problem. If an attacker is able to record a successful WPS pairing between two devices it's possible to retrieve the authentication details in an offline brute force attack in a reasonable amount of time due to the length of the PIN of 7 characters + 1 checksum character. Fortunately, the odds of being able to intercept a WPS pairing and then performing an offline brute force calculation of the credentials are much smaller than an active brute force attack, as the attacker has to intercept the WPS. A good explanation of this can be found in episode 337 of my favourite weekly security podcast 'Security Now'.

So for people who like their home networks to be secure, the best advice is to turn WPS off. Good luck!

Update, 6. Feb. 2012: Episode 338 of Security Now has an erratum early on in the podcast in which it is made clear that it's NOT possible to get the WPS PIN and WPA key by observing a successful pairing and then cracking it offline. This is because at the beginning of the PIN exchange a Diffie-Hellman key exchange is performed to encrypt (not authenticate!) the rest of the conversation. This prevents the offline cracking approach.