Femtocell vuln allows mobile call, SMS, data interception

By

Many models likely affected.

Two security experts have used an undisclosed and now patched vulnerability to break into a femtocell and intercept mobile phone calls, SMS and data traffic.

Femtocell vuln allows mobile call, SMS, data interception

iSEC Partners senior consultants Tom Ritter and Doug DePerry demonstrated to NPR and Reuters how a Verizon femtocell could be hacked to allow traffic to be intercepted.

The research aimed to illustrate the need for robust security in the devices. 

"Femtocells are dangerous architecture," Ritter told SC via Twitter, adding that the discovered vulnerability would likely not be applicable to other embedded devices.

He offered scenarios where vulnerable femtocells could be used in targeted attacks against individuals or for mass interception in public spaces.

While Verizon went to lengths to issue a complex patch, the researchers warned that other femtocell manufacturers must harden their devices because they would likely be similarly targeted.

Ritter and DePerry would provide more information on the vulnerability at Black Hat and DefCon in Las Vegas.

Verizon said the over-the-air patch did not disrupt customers.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Log In

  |  Forgot your password?