Femtocell hackers from iSEC hear, see smartphone content

Jul 16, 2013 by Nancy Owano weblog

(Phys.org) —While all thoughts are on how government agencies can abuse surveillance technologies to ruin people's lives, an unassuming group of backyard neighbors in summer clogs and shorts can leisurely lean back in their chairs and snoop to read an SMS that a victim has just sent from her smartphone, listen in on her phone calls, and see all the pictures she is sending off by intercepting the data connection. Better still, they can plant themselves in the financial district and snoop on people talking about accounts, business mergers, or anything else ripe for exploit. Welcome to iSEC's kind of exploit, the talk of the security crowd this week and no doubt the talk of companies that depend on red flags for potential security holes. The security consultants, iSEC Partners Tom Ritter and Doug DePerry, managed to hack a Verizon Wireless device and turn it into a mobile spy. "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," said Tom Ritter, a senior consultant with the security firm iSEC Partners.

At play are small cellphone tower used by carriers as network extenders to boost wireless signals indoors, called femtocells, which are available commercially at prices ranging from about $200-250.These are small base stations that can substantially improve indoor voice coverage and data performance. Ritter and DePerry intend to go into detail about the exploit at the upcoming hacking conferences, Black Hat, starting July 27, and Def Con, scheduled for August, in Las Vegas. They intend to use femtocells from Samsung and a $50 antenna from Wilson Electronics for their .

These researchers were able to use the femtocell from Verizon to spy on Verizon customers. Whether the smartphone in use was Android or an iPhone made no difference. Text messages and pictures in the message were seen. This was not just any Verizon femtocell; it was a device that they had previously, deliberately, hacked.

Verizon Wireless in its response said, in essence, they fixed it. They updated the software on their signal-boosting devices to prevent hackers from copying the iSEC pair's technique. Verizon Wireless back in March released the Linux software update , in order to thwart any attempts such as Ritter and DePerry had made to compromise the network extenders. They also said there were no reports of any customer impact.

Ritter is not optimistic that this sort of spying technique using femtocells as a potential point of attack cannot happen again. Hackers might find other ways to abuse femtocells, to modify the device and circumvent updates, whether from Verizon or any other carrier offering them to their customers.

Explore further: Sprint launches 'guarantee' for unlimited plans

More information: via Reuters

Related Stories

Sprint launches 'guarantee' for unlimited plans

Jul 11, 2013

(AP)—Sprint is introducing a new wireless plan that guarantees new and existing subscribers unlimited voice, text and data plans in a move to differentiate its service from rivals AT&T and Verizon.

AT&T launches push-to-talk service for iPhone

Jun 10, 2013

AT&T Inc. on Monday said it's adding a walkie-talkie-like application to the iPhone for its corporate customers, replicating a hallmark feature of the Nextel network, which is being shut down this summer.

Recommended for you

Hand out money with my mobile? I think I'm ready

6 hours ago

A service is soon to launch in the UK that will enable us to transfer money to other people using just their name and mobile number. Paym is being hailed as a revolution in banking because you can pay peopl ...

Quantenna promises 10-gigabit Wi-Fi by next year

Apr 16, 2014

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Tech giants look to skies to spread Internet

Apr 16, 2014

The shortest path to the Internet for some remote corners of the world may be through the skies. That is the message from US tech giants seeking to spread the online gospel to hard-to-reach regions.

Wireless industry makes anti-theft commitment

Apr 16, 2014

A trade group for wireless providers said Tuesday that the biggest mobile device manufacturers and carriers will soon put anti-theft tools on the gadgets to try to deter rampant smartphone theft.

Dish Network denies wrongdoing in $2M settlement

Apr 15, 2014

The state attorney general's office says Dish Network Corp. will reimburse Washington state customers about $2 million for what it calls a deceptive surcharge, but the satellite TV provider denies any wrongdoing.

Netflix's Comcast deal improves quality of video

Apr 14, 2014

Netflix's videos are streaming through Comcast's Internet service at their highest speeds in the past 17 months now that Netflix is paying for a more direct connection to Comcast's network.

User comments : 0

More news stories

Hackathon team's GoogolPlex gives Siri extra powers

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Better thermal-imaging lens from waste sulfur

Sulfur left over from refining fossil fuels can be transformed into cheap, lightweight, plastic lenses for infrared devices, including night-vision goggles, a University of Arizona-led international team ...