So you are out and about, minding your own business, texting, sending images and making calls on your smartphone via Verizon Wireless. Although you might not ask, "Can you hear me now?" two security researchers will assure you, "Yes, I can hear you now." They can not only hear you, but they can also nab any photos or texts you send if you are within about 40 feet of their Verizon femtocell. A femtocell is a network extender device about the size of a wireless router that acts like a miniaturized cell tower to boost your signal. And it may be a dream come true for NSA surveillance wannabes. iSEC Partners' Tom Ritter and Doug DePerry will be presenting "I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell" at Def Con.
The duo demonstrated for Reuters "how they can eavesdrop on text messages, photos and phone calls made with an Android phone and an iPhone by using a Verizon femtocell that they had previously hacked." Ritter told Reuters, "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people."
They said that with a little more work, they could have weaponized it for stealth attacks by packaging all equipment needed for a surveillance operation into a backpack that could be dropped near a target they wanted to monitor.
David Samberg, a Verizon spokesman, said the flaw was fixed by an "over-the-air software push." In March, Verizon Wireless released the Linux software update "that prevents its network extenders from being compromised in the manner reported by Ritter and DePerry." He further claimed, "All of the devices received the software upgrade. Anyone who tried to block the fix on their femtocell would be disconnected from the network." To Reuters, he added, "There have been no reports of customers being impacted by the bug that the researchers had identified."
Still, that doesn't ring true after NPR's Laura Sydell said her phone was "broken into" a moment after she stepped into the hackers' hotel room. The phone automatically connects without any indication to the user, but Ritter said a person "has to be within around 40 feet of the femtocell for it to tap into their phone." However, it is small, portable and "can pick up signals through most walls," meaning anyone could have one almost anywhere.
NPR said the total cost for the hack was about $300, based on a $250 Verizon femtocell and a $50 antenna. Yet eBay has dozens of femtocells listed for less than that, as well as various low-price Wilson Electronics antennas like the ones the security researchers used. Besides that, DSL Reports added that Verizon's femtocell service "isn't a particularly great value at $250 (a price Verizon never reduces), given it eats away at your plan minutes despite using your bandwidth to ease tower congestion. The device also doesn't let you set the security settings on your own device, meaning you can't control how many strangers get to use your bandwidth to make phone calls."