An increasingly popular technology for extending cell-phone coverage ranges had a major security hole that went undetected for years, through which an attacker could eavesdrop on everything a target did on their phone, according to new research released on Monday.
The research brings to light previously unknown vulnerabilities in some models of femtocells, devices that mobile network operators use to bring wireless service to low-coverage zones. The compact boxes, which are typically as small as a standard cable modem, can be deployed in hard-to-reach spots like the top of an apartment building or a home in the mountains. Femtocells are also referred to as “network extenders,” and analysts project that as many as 50 million of them will be in use by 2014.
In a demonstration for CNNMoney, researchers at iSEC Partners, who discovered the security hole, covertly recorded one of our phone conversations and played it back for us. They were also able to record our browsing history, text messages, and even view pictures we sent from one smartphone to another by hacking the network extender.
“We see everything that your phone would send to a cell phone tower: phone calls, text messages, picture messages, mobile Web surfing,” said iSEC Partners senior security consultant Tom Ritter.
ISEC discovered the security flaw a year ago and contacted the affected vendors, who quickly began working on a fix. Though iSEC focused its research on femtocells operating on Verizon’s 3G CDMA network, the company believes similar holes could exist on other network extenders.
- Are agencies hacking into cell phones? (wishtv.com)
- Cell phones on planes? Please hold! (cnn.com)
- How The World Would Look If We Could See All The Radiation From Our Cell Phones (fastcoexist.com)
- breakingnews: DOT to consider banning cell phone calls on… (priceofliberty.tumblr.com)