Feeds

Femtocell flaw leaves Verizon subscribers' Wi-Fi and mobile wide open

Not just Verizon: Up to 30 carriers at risk

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Security researchers have demonstrated a flaw in femtocells that allows them to be used for eavesdropping on cellphone, email, and internet traffic. The hack was demonstrated on Verizon hardware, and the telco giant has issued an update to patch the vulnerability, but up to 30 other network carriers use systems with software that can be hacked in the same way.

Femtocells are used to boost Wi-Fi and mobile signals within a household, but a common form of software that many devices use has a major security flaw that allows all traffic to be recorded and analyzed. Tom Ritter and Doug DePerry from iSEC Partners demonstrated the snooping hack to Reuters using a Verizon Wireless Network Extender ahead of a lecture at the Black Hat hacking conference to be held later this month.

The researchers bought the Verizon femtocell for $250, and used open source software to test out the bugging attack. They also managed to boost the range of the femtocell to enable a much wider radius of data-slurping beyond the advertised 40 meter radius.

As many as 30 carriers could have hardware at risk, iSEC said, and the attack was simplicity itself – attack code can be pushed to vulnerable devices with no further user interaction needed. Since the firmware of femtocells is seldom updated, an attacker could eavesdrop for some time before being detected, and it's not a hard hack.

"This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," said Ritter.

A hacked device could be placed in locales such as a restaurant frequented by high-value targets, and used to monitor data traffic that comes through the femtocell. The information can be stored and relayed back to the attacker using the adapted device, and used for further infiltration later.

Verizon's update fixes the problem (otherwise, as at past Black Hats, the lawyers would almost certainly have stopped the briefings), but users of their Wireless Network Extender have to be aware of and apply the patch to lock down their femtocells. More worrisome is that the software is used widely in a variety of hardware femtocell systems – all users of all such hardware are advised to seek out their latest firmware upgrade.

"The Verizon Wireless Network Extender remains a very secure and effective solution for our customers," said Verizon spokesman David Samberg in a statement. True – but only if those customers upgrade their firmware. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?