Femtocell hackers from iSEC hear, see smartphone content

Jul 16, 2013 by Nancy Owano weblog

(Phys.org) —While all thoughts are on how government agencies can abuse surveillance technologies to ruin people's lives, an unassuming group of backyard neighbors in summer clogs and shorts can leisurely lean back in their chairs and snoop to read an SMS that a victim has just sent from her smartphone, listen in on her phone calls, and see all the pictures she is sending off by intercepting the data connection. Better still, they can plant themselves in the financial district and snoop on people talking about accounts, business mergers, or anything else ripe for exploit. Welcome to iSEC's kind of exploit, the talk of the security crowd this week and no doubt the talk of companies that depend on red flags for potential security holes. The security consultants, iSEC Partners Tom Ritter and Doug DePerry, managed to hack a Verizon Wireless device and turn it into a mobile spy. "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," said Tom Ritter, a senior consultant with the security firm iSEC Partners.

At play are small cellphone tower used by carriers as network extenders to boost wireless signals indoors, called femtocells, which are available commercially at prices ranging from about $200-250.These are small base stations that can substantially improve indoor voice coverage and data performance. Ritter and DePerry intend to go into detail about the exploit at the upcoming hacking conferences, Black Hat, starting July 27, and Def Con, scheduled for August, in Las Vegas. They intend to use femtocells from Samsung and a $50 antenna from Wilson Electronics for their .

These researchers were able to use the femtocell from Verizon to spy on Verizon customers. Whether the smartphone in use was Android or an iPhone made no difference. Text messages and pictures in the message were seen. This was not just any Verizon femtocell; it was a device that they had previously, deliberately, hacked.

Verizon Wireless in its response said, in essence, they fixed it. They updated the software on their signal-boosting devices to prevent hackers from copying the iSEC pair's technique. Verizon Wireless back in March released the Linux software update , in order to thwart any attempts such as Ritter and DePerry had made to compromise the network extenders. They also said there were no reports of any customer impact.

Ritter is not optimistic that this sort of spying technique using femtocells as a potential point of attack cannot happen again. Hackers might find other ways to abuse femtocells, to modify the device and circumvent updates, whether from Verizon or any other carrier offering them to their customers.

Explore further: Sprint launches 'guarantee' for unlimited plans

More information: via Reuters

Related Stories

Sprint launches 'guarantee' for unlimited plans

Jul 11, 2013

(AP)—Sprint is introducing a new wireless plan that guarantees new and existing subscribers unlimited voice, text and data plans in a move to differentiate its service from rivals AT&T and Verizon.

AT&T launches push-to-talk service for iPhone

Jun 10, 2013

AT&T Inc. on Monday said it's adding a walkie-talkie-like application to the iPhone for its corporate customers, replicating a hallmark feature of the Nextel network, which is being shut down this summer.

Recommended for you

Hand out money with my mobile? I think I'm ready

Apr 17, 2014

A service is soon to launch in the UK that will enable us to transfer money to other people using just their name and mobile number. Paym is being hailed as a revolution in banking because you can pay peopl ...

Quantenna promises 10-gigabit Wi-Fi by next year

Apr 16, 2014

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Tech giants look to skies to spread Internet

Apr 16, 2014

The shortest path to the Internet for some remote corners of the world may be through the skies. That is the message from US tech giants seeking to spread the online gospel to hard-to-reach regions.

Wireless industry makes anti-theft commitment

Apr 16, 2014

A trade group for wireless providers said Tuesday that the biggest mobile device manufacturers and carriers will soon put anti-theft tools on the gadgets to try to deter rampant smartphone theft.

Dish Network denies wrongdoing in $2M settlement

Apr 15, 2014

The state attorney general's office says Dish Network Corp. will reimburse Washington state customers about $2 million for what it calls a deceptive surcharge, but the satellite TV provider denies any wrongdoing.

Netflix's Comcast deal improves quality of video

Apr 14, 2014

Netflix's videos are streaming through Comcast's Internet service at their highest speeds in the past 17 months now that Netflix is paying for a more direct connection to Comcast's network.

User comments : 0

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...

Filipino tests negative for Middle East virus

A Filipino nurse who tested positive for the Middle East virus has been found free of infection in a subsequent examination after he returned home, Philippine health officials said Saturday.

Egypt archaeologists find ancient writer's tomb

Egypt's minister of antiquities says a team of Spanish archaeologists has discovered two tombs in the southern part of the country, one of them belonging to a writer and containing a trove of artifacts including reed pens ...