Femtocell vuln allows mobile call, SMS, data interception

By

Many models likely affected.

Two security experts have used an undisclosed and now patched vulnerability to break into a femtocell and intercept mobile phone calls, SMS and data traffic.

Femtocell vuln allows mobile call, SMS, data interception

iSEC Partners senior consultants Tom Ritter and Doug DePerry demonstrated to NPR and Reuters how a Verizon femtocell could be hacked to allow traffic to be intercepted.

The research aimed to illustrate the need for robust security in the devices. 

"Femtocells are dangerous architecture," Ritter told SC via Twitter, adding that the discovered vulnerability would likely not be applicable to other embedded devices.

He offered scenarios where vulnerable femtocells could be used in targeted attacks against individuals or for mass interception in public spaces.

While Verizon went to lengths to issue a complex patch, the researchers warned that other femtocell manufacturers must harden their devices because they would likely be similarly targeted.

Ritter and DePerry would provide more information on the vulnerability at Black Hat and DefCon in Las Vegas.

Verizon said the over-the-air patch did not disrupt customers.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party

Attackers weaponise Linux file names as malware vectors

Attackers weaponise Linux file names as malware vectors

Home Affairs adds SecOps to new cyber risk overhaul

Home Affairs adds SecOps to new cyber risk overhaul

Log In

  |  Forgot your password?