A
$250 signal-boosting device for cellphone users can be hacked, two
researchers claim – offering total access to phone calls, internet use
and text messages on devices connected to the “femtocell”.
The devices are used to boost cellphone signal in areas with poor
reception – such as large homes or remote areas. Hacked “femtocells”
could be placed in public areas – becoming in effect a “cellphone tower”
under the control of malicious actors, harvesting information from
phones connected to it. The hack was demonstrated on a Verizon model.“We can operate a cellphone tower, and see everything that your phone would send to a cellphone tower: phone calls, text messages, picture messages, mobile web surfing,” Tom Ritter, of security firm iSEC Partners said in an interview with CNN Money. ”We can see and record it all.”
Verizon issued an update which patched the vulnerability in
March, but the researchers, from security firm iSEC warn that the same
model is used by a further 30 carriers worldwide. Firmware on such
devices is often rarely updated, according to The Register.
David Samberg of Verizon says that the patch has ensured that the
hack will no longer work against Verizon’s models, “All devices that
have not accepted the software update have been removed from the network
and no longer work,” he said in an interview with Mashable.
“This is not about how the NSA would attack ordinary
people. This is about how ordinary people would attack ordinary people,”
said iSEC’s Tom Ritter in an interview with Reuters.
The firm are to present their findings at the Black Hat security conference in Las Vegas this month, in a presentation entitled “I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell”.
“The Verizon Wireless Network Extender remains a very secure and effective solution for our customers,” said Verizon’s Samberg.
No comments:
Post a Comment