Femtocell hackers from iSEC hear, see smartphone content

Jul 16, 2013 by Nancy Owano weblog

(Phys.org) —While all thoughts are on how government agencies can abuse surveillance technologies to ruin people's lives, an unassuming group of backyard neighbors in summer clogs and shorts can leisurely lean back in their chairs and snoop to read an SMS that a victim has just sent from her smartphone, listen in on her phone calls, and see all the pictures she is sending off by intercepting the data connection. Better still, they can plant themselves in the financial district and snoop on people talking about accounts, business mergers, or anything else ripe for exploit. Welcome to iSEC's kind of exploit, the talk of the security crowd this week and no doubt the talk of companies that depend on red flags for potential security holes. The security consultants, iSEC Partners Tom Ritter and Doug DePerry, managed to hack a Verizon Wireless device and turn it into a mobile spy. "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," said Tom Ritter, a senior consultant with the security firm iSEC Partners.

At play are small cellphone tower used by carriers as network extenders to boost wireless signals indoors, called femtocells, which are available commercially at prices ranging from about $200-250.These are small base stations that can substantially improve indoor voice coverage and data performance. Ritter and DePerry intend to go into detail about the exploit at the upcoming hacking conferences, Black Hat, starting July 27, and Def Con, scheduled for August, in Las Vegas. They intend to use femtocells from Samsung and a $50 antenna from Wilson Electronics for their .

These researchers were able to use the femtocell from Verizon to spy on Verizon customers. Whether the smartphone in use was Android or an iPhone made no difference. Text messages and pictures in the message were seen. This was not just any Verizon femtocell; it was a device that they had previously, deliberately, hacked.

Verizon Wireless in its response said, in essence, they fixed it. They updated the software on their signal-boosting devices to prevent hackers from copying the iSEC pair's technique. Verizon Wireless back in March released the Linux software update , in order to thwart any attempts such as Ritter and DePerry had made to compromise the network extenders. They also said there were no reports of any customer impact.

Ritter is not optimistic that this sort of spying technique using femtocells as a potential point of attack cannot happen again. Hackers might find other ways to abuse femtocells, to modify the device and circumvent updates, whether from Verizon or any other carrier offering them to their customers.

Explore further: DOCOMO and Huawei confirm LTE network over unlicensed spectrum

More information: via Reuters

Related Stories

Sprint launches 'guarantee' for unlimited plans

Jul 11, 2013

(AP)—Sprint is introducing a new wireless plan that guarantees new and existing subscribers unlimited voice, text and data plans in a move to differentiate its service from rivals AT&T and Verizon.

AT&T launches push-to-talk service for iPhone

Jun 10, 2013

AT&T Inc. on Monday said it's adding a walkie-talkie-like application to the iPhone for its corporate customers, replicating a hallmark feature of the Nextel network, which is being shut down this summer.

Recommended for you

Bringing emergency communications together

Aug 21, 2014

A new University of Adelaide research project aims to improve emergency operations through integrated communications systems for police and the emergency services.

For top broadband policy, look no further than Canada

Aug 20, 2014

You might have seen communications minister Malcolm Turnbull raising the issue about Australian press not discussing policy problems and solutions from overseas, in a speech delivered at the Lowy Institute Media Awards last week: ...

Cities, states face off on municipal broadband

Aug 19, 2014

Wilson, N.C., determined nearly a decade ago that high-speed Internet access would be essential to the community's social and economic health in the 21st century, just as electricity, water and sewers were in the previous ...

New loss mechanism for global 4G roaming

Aug 19, 2014

A loss mechanism that has not been an issue in previous mobile handset antennas will become important for global 4G roaming, according to results of experiments carried out in Aalborg, Denmark.

User comments : 0