The LTE Doom and Gloom

BinaryMode

BinaryMode

Blondie Once Said To Call Her But Never Answerd
Joined
Jul 3, 2023
Messages
1,167
Location
2600 dialtone blvd
From this post.




mmckenna said:
Couple of challenges with that:

LTE is a very broadband signal, often 10MHz wide, and there's two of those, uplink and downlink. That's beyond what a consumer scanner can handle.

LTE isn't just one band, the bands used for this service are all over the place, including up into the 2.5GHz range, well beyond what consumer scanners will handle.

Traffic is duplex, so it would need to be able to listen to both uplink and downlink at the same time.
Click to expand...


This is withen the technological achievements of electronics today. Even for a scanner. I've owned receivers that go up that high and beyond. Heck, consumer grade radar detectors go well beyond that in the frequency spectrum. So there is no technological limitation to achieve this. I mean, phones are made to handle LTE of course. Also, a scanner that employs an SDR at the heart of its electronics package is totally capable. Especially with the needed bandwidth. Duplex communications can be handed with a dual VFO and whatnot.


mmckenna said:
Traffic is packetized, so simply listening in on the data stream isn't enough, the scanner would need to pull specific packets out.

And to top it all off, LTE Is encrypted, and we know the chances of getting the encryption keys.

Such traffic would include text messages, e-mail, video, photos, web surfing, as well as everything else that happens on these devices. Even if just a LMR radio with LTE capability, there's a lot of other information in the packets.
Click to expand...



This would be the wrench in the gears. As such, the ability to monitor would more than likely be off the table. Which means unabridged streams by the departments themselves need to be mandated for the public trust, for the public to stay abreast of a disaster, and to be transparent and accountable to the community that public safety serves.



mmckenna said:
Cell sites are small, on purpose. Unless you were on the same cell as the radio, you would not even hear the traffic, it's not like a simulcast system where the same traffic is sent from all cells. It's more like a trunked system without simulcast. You'd have to have connection to the exact same tower as the device.
Click to expand...


I can understand this, but I'm a little confused. How would say unit A hear unit B across town? It seems likely that all the voice would be simulcast between all the sites through the backhaul, no?
 
mmckenna

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
26,234
Location
United States
BinaryMode said:
This is withen the technological achievements of electronics today. Even for a scanner. I've owned receivers that go up that high and beyond. Heck, consumer grade radar detectors go well beyond that in the frequency spectrum. So there is no technological limitation to achieve this. I mean, phones are made to handle LTE of course. Also, a scanner that employs an SDR at the heart of its electronics package is totally capable. Especially with the needed bandwidth. Duplex communications can be handed with a dual VFO and whatnot.
Click to expand...

Right, didn't mean to suggest it wasn't possible to make a radio that could receive signals like this.
But no current model scanner will do a combination of the frequency range and bandwidth.

But it wouldn't be something as inexpensive as a cheap SDR or even in the range of a current model consumer scanner.

BinaryMode said:
This would be the wrench in the gears. As such, the ability to monitor would more than likely be off the table. Which means unabridged streams by the departments themselves need to be mandated for the public trust, for the public to stay abreast of a disaster, and to be transparent and accountable to the community that public safety serves.
Click to expand...

Right. This is wireshark/packet sniffing stuff.

Departments still archive the audio that passes through their part of the system, so things like streaming or FOIA requests are still an option.
But live/real time listening probably isn't going to be an option since the requirements to protect CJI/PII don't change.

As I've said before, public safety radio systems (LMR, LTE or a combination of both) are not designed to be a tool used to communicate with the general public. Public safety has better tools for that, and tools that can reach a much larger segment of the population. Such a radio that would decode LTE packets, handle encryption, cover the bands, none of that is going to cheap, and not in the range of the average citizen.

And none of that considers encryption. Getting encryption keys is still out of the question. And it's not just the agency. The LTE stream is encrypted. The data stream for the "radio" application is also encrypted end to end. So you'd need to have the encryption keys for the LTE network plus the encryption keys for the public safety agency. And that's not going to happen.

BinaryMode said:
I can understand this, but I'm a little confused. How would say unit A hear unit B across town? It seems likely that all the voice would be simulcast between all the sites through the backhaul, no?
Click to expand...

Like a multisite trunked system. The LTE core only sends the traffic to the cell sites that have devices on them that need to hear the traffic.
Since cell sites generally cover a small area, that means you'd have to be on a cell site that had an active user on it.

The days of one or two cell sites covering tens of square miles are quickly fading. To get the capacity and bandwidth needed to support the high speed data, cell sites have been shrunk down pretty small. A cell site might cover a few blocks at best in some areas. More rural areas would see bigger footprints.

That all negates the argument that such a system could be relied upon to be a functional tool to alert citizens in a disaster. Not all would hear the traffic. This is why agencies use appropriate tools to alert the general public when needed.


This is all a good discussion, and I can appreciate your stance. I started off with scanners before I went into the industry.
But this is a dead end. Once agencies switch to these systems, they are not going to be monitor-able. The only real option is to hope they decide to stream parts of their traffic.
 
kc2asb

kc2asb

Member
Joined
Dec 31, 2015
Messages
653
Location
NYC Area
So, in the end, we're right back at square one because the encryption keys will always be unobtanium. ;)
mmckenna said:
And none of that considers encryption. Getting encryption keys is still out of the question. And it's not just the agency. The LTE stream is encrypted. The data stream for the "radio" application is also encrypted end to end. So you'd need to have the encryption keys for the LTE network plus the encryption keys for the public safety agency. And that's not going to happen.
Click to expand...
 
P

Project25_MASTR

Millennial Graying OBT Guy
Joined
Jun 16, 2013
Messages
4,491
Location
Texas
mmckenna said:
Right, didn't mean to suggest it wasn't possible to make a radio that could receive signals like this.
But no current model scanner will do a combination of the frequency range and bandwidth.

But it wouldn't be something as inexpensive as a cheap SDR or even in the range of a current model consumer scanner.



Right. This is wireshark/packet sniffing stuff.

Departments still archive the audio that passes through their part of the system, so things like streaming or FOIA requests are still an option.
But live/real time listening probably isn't going to be an option since the requirements to protect CJI/PII don't change.

As I've said before, public safety radio systems (LMR, LTE or a combination of both) are not designed to be a tool used to communicate with the general public. Public safety has better tools for that, and tools that can reach a much larger segment of the population. Such a radio that would decode LTE packets, handle encryption, cover the bands, none of that is going to cheap, and not in the range of the average citizen.

And none of that considers encryption. Getting encryption keys is still out of the question. And it's not just the agency. The LTE stream is encrypted. The data stream for the "radio" application is also encrypted end to end. So you'd need to have the encryption keys for the LTE network plus the encryption keys for the public safety agency. And that's not going to happen.



Like a multisite trunked system. The LTE core only sends the traffic to the cell sites that have devices on them that need to hear the traffic.
Since cell sites generally cover a small area, that means you'd have to be on a cell site that had an active user on it.

The days of one or two cell sites covering tens of square miles are quickly fading. To get the capacity and bandwidth needed to support the high speed data, cell sites have been shrunk down pretty small. A cell site might cover a few blocks at best in some areas. More rural areas would see bigger footprints.

That all negates the argument that such a system could be relied upon to be a functional tool to alert citizens in a disaster. Not all would hear the traffic. This is why agencies use appropriate tools to alert the general public when needed.


This is all a good discussion, and I can appreciate your stance. I started off with scanners before I went into the industry.
But this is a dead end. Once agencies switch to these systems, they are not going to be monitor-able. The only real option is to hope they decide to stream parts of their traffic.
Click to expand...

To supplement this, cell towers are also sectorized and depending on the site and traffic there can be 12-15 different cellular base stations just for one carrier.
 
mmckenna

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
26,234
Location
United States
kc2asb said:
So, in the end, we're right back at square one because the encryption keys will always be unobtanium. ;)
Click to expand...

Two sets of encryption keys:

Agency keys. Not getting those due to CJI/PII. Plus, it completely negates the purpose of running encryption to give them out to people. Keys need to be controlled, and giving them out to hobbyists is not controlling them.

Carrier keys. That doesn't just give access to the public safety traffic, but every single bit of data on the network. All phone calls. All text messages. All video chats. All internet traffic. All E-mails. All application traffic. Location data down to within a few feet. No cell carrier is going to give those out to a random hobbyist.
 
kayn1n32008

kayn1n32008

ØÆSØ Say it, say 'ENCRYPTION'
Joined
Sep 20, 2008
Messages
7,188
Location
Sector 001
BinaryMode said:
As such, the ability to monitor would more than likely be off the table. Which means unabridged streams by the departments themselves need to be mandated for the public trust, for the public to stay abreast of a disaster, and to be transparent and accountable to the community that public safety serves.
Click to expand...
LMFAO.

You are delusional.
 
RFI-EMI-GUY

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,635
Lets face it. The "Big E" is inevitable. There was never any explicit right to monitor police radio traffic. It was luckily very difficult and costly to encrypt and that barrier is eroding away with new generations of radio networks. Unless you can tap in at the core, (Illegal) there is no method of intercepting.

One of my future "thought projects" is to build a "police radio" detector using an AD8313 0.1 GHz TO 2.5 GHz, 70 dB Logarithmic Detector / Controller (Eval boards available cheaply from China). This would be fed with a preamplifier and preselector filter for the appropriate bands 700/800 MHz. The output would go to an LED VU meter chip like an LM3914 (Eval boards also available) and a sona-lert type buzzer set to alert at a certain threshold (LM3914 output pin) . Think of this as a "fuzz buster" for police mobile radio activity in your vicinity. It would use filters to limit reception to uplink bands for Public Safety 700/800 and LTE. Sure there will be false alarms, but limiting the threshold to a mile or two around your car would be informative.
 
kayn1n32008

kayn1n32008

ØÆSØ Say it, say 'ENCRYPTION'
Joined
Sep 20, 2008
Messages
7,188
Location
Sector 001
RFI-EMI-GUY said:
Unless you can tap in at the core, (Illegal) there is no method of intercepting.
Click to expand...
Nope. In a P25 trunk system, it's end to end encryption. Subscriber to subscriber. Or subscriber to console. Voice shouldn't be in the clear at any point in between.
 
RFI-EMI-GUY

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,635
kayn1n32008 said:
Nope. In a P25 trunk system, it's end to end encryption. Subscriber to subscriber. Or subscriber to console. Voice shouldn't be in the clear at any point in between.
Click to expand...
When you have LTE or similar smart application as an end point, there is a physical location where the P25 and the LTE become clear text. At least with /\/\.
 
You must log in or register to reply here.

Similar threads

KK4JUG
Cell Tower?
Replies
5
Views
231
KK4JUG
KK4JUG
N9JIG
Scanner Tales: PL or Not to PL, that is the obsession
Replies
3
Views
355
kc2asb
kc2asb
T
APX Next ViQi
Replies
5
Views
490
jeepsandradios
jeepsandradios
N9JIG
Scanner Tales: The Scanner Guys
Replies
2
Views
430
buddrousa
buddrousa
F
Is 24/7 Streaming required for Broadcastify Calls?
Replies
3
Views
295
far342
F
Top