Femtocell vuln allows mobile call, SMS, data interception

By

Many models likely affected.

Two security experts have used an undisclosed and now patched vulnerability to break into a femtocell and intercept mobile phone calls, SMS and data traffic.

Femtocell vuln allows mobile call, SMS, data interception

iSEC Partners senior consultants Tom Ritter and Doug DePerry demonstrated to NPR and Reuters how a Verizon femtocell could be hacked to allow traffic to be intercepted.

The research aimed to illustrate the need for robust security in the devices. 

"Femtocells are dangerous architecture," Ritter told SC via Twitter, adding that the discovered vulnerability would likely not be applicable to other embedded devices.

He offered scenarios where vulnerable femtocells could be used in targeted attacks against individuals or for mass interception in public spaces.

While Verizon went to lengths to issue a complex patch, the researchers warned that other femtocell manufacturers must harden their devices because they would likely be similarly targeted.

Ritter and DePerry would provide more information on the vulnerability at Black Hat and DefCon in Las Vegas.

Verizon said the over-the-air patch did not disrupt customers.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

China blamed after cyberattack hits Czech Republic

China blamed after cyberattack hits Czech Republic

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?