Welcome back, my aspiring cyberwarriors!
In our modern digital era, mobile or cellular networks are the dominant mode of communication. People use mobile networks to talk, to text, and to move data. Cellular networks have become an essential means of communication for people around the world. About 80% of the terrestrial world is covered by a cellular network, and nearly half the population has a cellular handset.
In this series, we have already analyzed how Mexican cartels built their cellular network and also took a quick look at the basics of cellular networks.
Now let's take a deeper dive into this technology.
Frequencies
The foundation of cellular networks rests upon carefully orchestrated frequency management systems that operate across multiple bands. Lower frequencies, particularly those below 1 GHz, provide the backbone for wide-area coverage due to their superior propagation characteristics. These frequencies exhibit remarkable building penetration capabilities, with signal attenuation following a path loss model of approximately 20 dB per decade of distance in the 700 MHz band (this means the signal strength decreases by 20 decibels when the distance increases tenfold), compared to the more aggressive 40 dB per decade loss experienced at frequencies above 2 GHz.
Mobile subscribers will often use multiple frequencies simultaneously. The mobile carriers manipulate the frequencies utilized so that their low-power transmitters can supply the service with the least amount of interference from other radio signals.
Frequency Management
Different regions implement varying frequency allocations based on regulatory requirements and historical usage patterns. AT&T's network architecture exemplifies this complexity through its multi-band deployment strategy. Their 850 MHz spectrum serves as the primary coverage band, with uplink operations spanning 824-849 MHz and downlink communications occupying 869-894 MHz. This band implements 124 discrete channels, each separated by 30 kHz, operating with a path loss exponent of approximately 3.1 in urban environments. The path loss exponent quantifies how signal strength decreases with distance, influencing the achievable coverage area of a cell. Lower frequencies, such as 850 MHz, experience slower signal attenuation, enabling wider coverage, which is crucial for ensuring reliable service across large urban areas.
The higher frequency 1900 MHz band augments network capacity, utilizing 299 channels with 200 kHz spacing. Although higher frequencies experience greater path loss, limiting their coverage area, they allow for higher data rates and better spectral efficiency, supporting more simultaneous users. This dual-band approach enables an optimal coverage-capacity balance, where lower frequencies provide broader coverage while higher frequencies focus on increasing network capacity. This design ensures robust performance, with typical cell radii ranging from 2 to 5 kilometers in urban deployments.
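The path loss numbers above (20 dB per decade, 40 dB per decade, an urban exponent of about 3.1) all come from the same log-distance model, PL(d) = PL(d0) + 10·n·log10(d/d0). The following is an added worked example, not code from the original article: it implements that model and inverts it to estimate the cell radius each band reaches with an identical link budget. The link budget values (43 dBm EIRP, -104 dBm handset sensitivity, 10 dB fade margin) and the 1 m reference distance are constructed assumptions, not figures from the text.

```python
import math

# Constructed link budget for the worked example (not figures from the article):
# BTS EIRP 43 dBm, handset sensitivity -104 dBm, 10 dB fade margin.
EXAMPLE_MAX_PATH_LOSS_DB = 43 - (-104) - 10   # = 137 dB the link can tolerate


def free_space_path_loss_db(freq_mhz: float, dist_m: float) -> float:
    """Friis free-space loss in dB (d in km, f in MHz): 20log10(d) + 20log10(f) + 32.44."""
    if dist_m <= 0 or freq_mhz <= 0:
        raise ValueError("distance and frequency must be positive")
    return 20 * math.log10(dist_m / 1000.0) + 20 * math.log10(freq_mhz) + 32.44


def loss_per_decade_db(exponent: float) -> float:
    """Attenuation per tenfold distance increase: n=2 gives 20 dB, n=4 gives 40 dB."""
    return 10.0 * exponent


def path_loss_db(freq_mhz: float, dist_m: float, exponent: float, d0_m: float = 1.0) -> float:
    """Log-distance model: PL(d) = PL_fs(d0) + 10*n*log10(d/d0), valid only for d >= d0."""
    if dist_m < d0_m:
        raise ValueError("log-distance model is only defined beyond the reference distance")
    return free_space_path_loss_db(freq_mhz, d0_m) + loss_per_decade_db(exponent) * math.log10(dist_m / d0_m)


def max_cell_radius_m(freq_mhz: float, exponent: float, max_path_loss_db: float, d0_m: float = 1.0) -> float:
    """Invert the model: the largest distance at which PL(d) stays within the link budget."""
    headroom = max_path_loss_db - free_space_path_loss_db(freq_mhz, d0_m)
    return d0_m * 10 ** (headroom / loss_per_decade_db(exponent))


def compare_bands(max_path_loss_db: float = EXAMPLE_MAX_PATH_LOSS_DB, exponent: float = 3.1) -> dict:
    """Cell radius (m) each band reaches with the same budget and the urban exponent from the text."""
    return {f: round(max_cell_radius_m(f, exponent, max_path_loss_db)) for f in (850.0, 1900.0)}


if __name__ == "__main__":
    for f, r in compare_bands().items():
        print(f"{f:.0f} MHz: cell radius ~{r} m, loss at 1 km = {path_loss_db(f, 1000, 3.1):.1f} dB")
```

With these assumptions the 850 MHz cell comes out roughly 1.7 times larger in radius than the 1900 MHz cell, which is the coverage-versus-capacity trade-off the paragraph describes.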
Carrier | Technology | Frequency Bands |
AT&T | GSM/UMTS/HSPA+ | 850 MHz: Band 5 |
Verizon Wireless | CDMA | 850 MHz: Band 0; 1900 MHz: Band 1 |
T-Mobile | GSM/UMTS/HSPA+ | 1900 MHz: Band 2; 1700/2100 MHz: Band 4 |
U.S. Cellular | CDMA | 850 MHz: Band 5; 1900 MHz: Band 2 |
Cricket Wireless | GSM/UMTS/HSPA+ | 850 MHz: Band 5; 1900 MHz: Band 2 |
Boost Mobile | CDMA | 800 MHz: Band 10; 1900 MHz: Band 2 |
Metro by T-Mobile | GSM/UMTS/HSPA+ | 1900 MHz: Band 2; 1700/2100 MHz: Band 4 |
The Evolution of Mobile Networks: GSM, CDMA, UMTS, HSPA, LTE (4G), and 5G
GSM (Global System for Mobile Communications) was introduced as a 2G technology in the late 1980s, becoming the global standard for mobile communication. It enabled reliable voice calls, SMS, and basic data services like GPRS and EDGE. GSM uses technologies like Time Division Multiple Access (TDMA) and Frequency Division Multiple Access (FDMA) to manage resources, operating across frequency bands such as 850, 900, 1800, and 1900 MHz. It played a foundational role in connecting the world through mobile technology.
CDMA (Code Division Multiple Access) emerged as a competitor to GSM, primarily adopted in the U.S. by carriers like Verizon and Sprint. Unlike GSM, CDMA uses spread spectrum technology, allowing multiple users to share the same frequency band with unique codes. This method is highly efficient in managing high-user density and maintaining quality, even in congested areas. CDMA laid the groundwork for later technologies like CDMA2000, which expanded into 3G capabilities, offering improved reliability and speed.
As mobile internet gained importance, UMTS (Universal Mobile Telecommunications System) evolved from GSM to meet the demands of 3G connectivity. It introduced Wideband Code Division Multiple Access (WCDMA), enabling faster data speeds (up to 384 kbps) and advanced services like video calls. UMTS operated predominantly in the 2100 MHz band but adapted to regional variations, making mobile internet and multimedia applications widely accessible.
To further enhance data performance, HSPA (High-Speed Packet Access) was developed as an extension of UMTS, bridging the gap to 4G. HSPA combined High-Speed Downlink Packet Access (HSDPA) and High-Speed Uplink Packet Access (HSUPA), achieving download speeds of up to 14 Mbps and upload speeds of up to 5.76 Mbps. This significant leap allowed for smoother video streaming, faster downloads, and an overall better internet experience.
The leap to 4G, led by LTE (Long Term Evolution), transformed mobile networks into fully packet-switched systems. LTE provided high-speed internet with peak data rates of up to 100 Mbps for regular LTE and up to 1 Gbps with LTE-Advanced. This technology supported HD streaming, online gaming, and other data-intensive applications, with widespread adoption across low, mid, and high-frequency bands for both urban and rural coverage. It marked a critical shift in mobile broadband capabilities.
Finally, 5G represents the newest generation, designed for ultra-fast speeds, minimal latency, and massive device connectivity. It supports enhanced mobile broadband for applications like augmented reality, virtual reality, and 8K streaming, achieving speeds up to 10 Gbps. 5G also introduces ultra-reliable low-latency communication, essential for real-time applications like autonomous vehicles and remote surgery, and can handle billions of devices simultaneously through massive IoT support. Operating across low-band, mid-band, and high-band (mmWave) frequencies, 5G is paving the way for a fully connected, intelligent world.
How Mobile Networks Work
Mobile phones operate by sending and receiving low-power radio signals. These signals are transmitted and received through antennas, which are either external (in older models) or embedded within the device (in modern phones).
These low-power signals are picked up by mobile phone base stations, which connect the device to the broader mobile and fixed-line networks. The base stations ensure calls or data are routed correctly between devices or services.
As a mobile terminal (MT) — your phone — moves through different areas, it connects to multiple Base Station Transceivers (BTS). To maintain uninterrupted service, the phone must remain within range of a base station, with the connection between the MT and BTS referred to as the Um interface.
A mobile base station (BTS) consists of two primary components:
Base Station Controller (BSC): Manages voice and control signals.
Packet Control Unit (PCU): Forwards data packets (e.g., for internet connectivity).
Together, the BTS, BSC, and PCU form the Base Station Subsystem (BSS), which handles communication between mobile terminals and the core network.
The connection between a mobile terminal and a base station uses Time Division Multiplexing (TDM). TDM divides the available radio spectrum into time slots, allowing multiple users to share the same frequency. Each device is allocated a specific time slot, creating the illusion of a dedicated connection for every user.
As the mobile device moves, it continuously updates its location with the network through a process called Location Update. This informs the Home Location Register (HLR) of the device’s geographic area and the Mobile Switching Center (MSC) responsible for managing the connection.
Summary
Among the multitude of radio signals swirling around us every day are the mobile telephone signals that all of us have become so dependent upon. Mobile networks use several different technologies including GSM, CDMA, TDMA, 4G, LTE, 5G and many others.
With the advent of Software Defined Radio (SDR), reconnaissance on and attacks against these networks have become cheaper and easier. In fact, it is possible to create your own private cellular network as well as a Stingray-like device of the kind militaries and law enforcement use to eavesdrop on mobile communication.
For more on Software Defined Radio, check out our SDR for Hackers and Advanced SDR for Hackers. In 2025, we will be teaching our first SDR for Mobile Systems course, where many of these techniques will be taught.