Two security experts have used an undisclosed and now patched vulnerability to break into a femtocell and intercept mobile phone calls, SMS and data traffic.
iSEC Partners senior consultants Tom Ritter and Doug DePerry demonstrated to NPR and Reuters how a Verizon femtocell could be hacked to allow traffic to be intercepted.
The research aimed to illustrate the need for robust security in the devices.
"Femtocells are dangerous architecture," Ritter told SC via Twitter, adding that the discovered vulnerability would likely not be applicable to other embedded devices.
He offered scenarios where vulnerable femtocells could be used in targeted attacks against individuals or for mass interception in public spaces.
While Verizon went to lengths to issue a complex patch, the researchers warned that other femtocell manufacturers must harden their devices because they would likely be similarly targeted.
Ritter and DePerry would provide more information on the vulnerability at Black Hat and DefCon in Las Vegas.
Verizon said the over-the-air patch did not disrupt customers.