[time-nuts] Time security musing - attacking the clock itself

Warner Losh imp at bsdimp.com
Tue Dec 4 15:27:26 UTC 2012

On Dec 3, 2012, at 11:27 PM, Hal Murray wrote:

> lists at lazygranch.com said:
>> Now a phone has accurate network time, so they could get really tricky  with
>> the time as part of the code. 
> Are you sure?
> I don't have a smart phone, but I've heard various war stories of crappy time 
> keeping.
> I assume the time was coming from an ap rather than the local cell tower.

Yes.  Cell phone networks that use CDMA require sub-millisecond synchronization between the handset and the tower to work.  The sub-millisecond metric is for 2G generation, I don't know if that's gotten tighter or not.

The cell chips don't necessarily publish the time to the SoC that's inside the cell phone, so they are left to synchronize sometimes via ntp or catch as catch can.  There's also other time protocols layered over the CDMA network, but those can require operator intervention (== crap).  I don't know if those are still in use, since my last professional brush with the CDMA network was in the 2G time frame.

I don't know anything about GSM from direct experience, but I've been told similar things hold in the GSM network...

Cell signal jamming could be an attack vector though.


More information about the time-nuts mailing list