Femtocell hacking: As mobile networks expand they become more vulnerable

When Laura Sydell of NPR experienced a cellphone hacking attempt by white-hat hackers of  iSEC Partners, the damage was damning. Tom Ritter, a security consultant for iSEC Partners, was able to point out Sydell’s phone number when she walked into the room. And when she called someone for a small chat, Ritter was able to record and playback the entire conversation without hassle. Even scarier, he was able to do it all with free software from the Internet and a $250 product on Best Buy.
The main gadget in question? The femtocell, a low-cost low-power cellular base station that can ensure you get a signal no matter how far you are away from a tower. Femtos have been used to expand networks to the remotest parts of the Congo. But in the right hands, the power of the femtocell can be used for nefarious purposes.
While the hack was performed only on Verizon’s femtocell and Verizon has since claimed to have patched the flaw after Ritter and his team alerted the cell provider of the breach, Ritter’s hack was able to automatically detect and information from cell phones without the owner’s knowledge.  This is because a femtocell is actually a very small cell tower. Unlike traditional cell sites that are locked behind some serious security (and fences), anyone can buy and crack open a femtocell. If the hacker can get past the security measures in place for the device, he or she gets access to any information that would normally pass through a tower: text messages, voice calls and possibly even passwords you type into your browser.
Femtocell hacking is a symptom of a larger technological issue: as technology expands to meet the needs of our ever-increasing data transmissions, we’re exposing the network to the public and that increased exposure is bound to create new tools for hackers. While an off-the-shelf femtocell from Best Buy may only have a 40-foot radius, a compromised femtocell could present a real danger to anyone in range. And with femtocell sales on the rise this year, the odds of that happening could continue to get higher.
This is exactly how Ritter and other white-hat hackers make their money — by finding these flaws and fixing them for unknowing companies. He will be presenting his femtocell findings in August at this year’s Def Con at a talk entitled, “I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell.” Technology isn’t perfect and there still are a lot of risks, but the battle to ensure great technologies stay fundamentally “good” is an important one.