Two American researchers have managed to penetrate network extenders of Verizon Wireless and use them to spy on the network’s mobile phone customers.
The method, demonstrated in front of Reuters reporters, is said to be a convenient tool for random hackers. "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," said Tom Ritter, a senior consultant with the security firm iSEC Partners.
Ritter, together with his colleague Doug DePerry, found the glitch in Verizon’s security allowing them to intercept text messages, photos and phone calls made with an Android phone and an iPhone by using a previously hacked Verizon femtocell.
Femtocells, or network extenders, are sold by Verizon and other telecommunication companies worldwide to boost indoor mobile phone signal. They function as tiny mobile phone towers. Verizon sells them for $250.
In reaction to the demonstration, Verizon, the second-biggest US mobile network provider, said the company had updated the software earlier this year, making it impossible for the attackers to penetrate the company’s systems.
"The Verizon Wireless Network Extender remains a very secure and effective solution for our customers," the company’s spokesman David Samberg said in a statement, maintaining there have been no reports of customers being impacted by the bug that the researchers had identified.
However, Tom Ritter said that, despite the software fix, the extenders remained the weak link. He said the software update, for example, wouldn’t protect a femtocell that had already been modified.
The duo of scientific hackers has refused to reveal the details of their technique and promised to perform a more complex demonstration later this month at the Black Hat and Def Con hacking conferences in Las Vegas.
They believe the method could be easily turned into a weapon as all the eavesdropping equipment could be packed into a backpack, which could then be left near the site the attacker wants to monitor.
For example, a group interested in potential mergers might place such a backpack in Manhattan restaurants frequented by investment bankers. Verizon's website said the device has a 12m range, but the researchers believe that could be easily expanded by adding specialized antennas.
Although other teams have previously pointed to the shortcoming in femtocells’ protection, this is said to be the first time that a US femtocell using a CDMA wireless standard has actually been hacked.
Other hacking experts have previously uncovered security bugs in femtocells used by carriers in Europe. However, John Marinho of the Wireless Association CTIA said other potential cyber threats, such as malicious apps, are of a much greater concern and that the association is not aware of any case where attacks were launched via femtocells.