News / Science & Technology

    Researchers Hack Verizon Device, Turn it Into Mobile Spy Station

    A cell phone user passes a Verizon store in New York in this April 27, 2006 file photo.
    A cell phone user passes a Verizon store in New York in this April 27, 2006 file photo.
    Reuters

    Two security experts said they have figured out how to spy on Verizon Wireless mobile phone customers by hacking into devices the U.S. carrier sells to boost wireless signals indoors.
     

    The finding, which the experts demonstrated to Reuters and will further detail at two hacking conferences this summer, comes at a time of intense global debate about electronic privacy, after top-secret U.S. surveillance programs were leaked by a former National Security Agency contractor, Edward Snowden, last month.

    "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people,'' said Tom Ritter, a senior consultant with the security firm iSEC Partners.
     

    Verizon said it has updated the software on its signal-boosting devices, known as femtocells or network extenders, to prevent hackers from copying the technique of the two experts.
     

    But Ritter said motivated hackers can still find other ways to hack the femtocells of Verizon, as well as those offered by some 30 carriers worldwide to their customers.

    Femtocells, which act as tiny cellphone towers, can be purchased directly from Verizon for $250. Used models can be obtained online for about $150.  Ritter and his colleague, Doug DePerry, demonstrated for Reuters how they can eavesdrop on text messages, photos and phone calls made with an Android phone and an iPhone by using a Verizon femtocell that they had previously hacked.
     

    They declined to disclose how they had modified the software on the device, saying they do not want to make it any easier for criminals to figure out similar ways to hack femtocells.

       
    The two said they plan to give more elaborate demonstrations wo weeks from now at the Black Hat and Def Con hacking conferences in Las Vegas. More than 15,000 security professionals and hackers are expected to attend those conferences, which feature talks on newly found bugs in communications systems, smart TVs, mobile devices and computers that run facilities from factories to oil rigs.

     

    Verizon Wireless released a Linux software update in March that prevents its network extenders from being compromised in the manner reported by Ritter and DePerry, according to company spokesman David Samberg.

    "The Verizon Wireless Network Extender remains a very secure and effective solution for our customers,'' Samberg said in a statement. He said there have been no reports of customers being impacted by the bug that the researchers had identified. The company is a joint venture between Verizon Communications Inc and Vodafone Group Plc.

     

    Samberg said his company uses an internal security team as well as outside firms to look for vulnerabilities in the devices it sells, before and after they are released.

       
    Still, the two researchers said they are able to use the hacked femtocell to spy on Verizon phones even after Verizon released that update because they had modified the device before the company pushed out the software fix.


    The researchers built their "proof of concept'' system that they will demonstrate in Las Vegas with femtocells manufactured by Samsung Electronics Co and a $50 antenna from Wilson Electronics Inc.
     

    They said that with a little more work, they could have weaponized it for stealth attacks by packaging all equipment needed for a surveillance operation into a backpack that could be dropped near a target they wanted to monitor.

       
    For example, a group interested in potential mergers might place such a backpack in Manhattan restaurants frequented by investment bankers. Verizon's website said the device has a 40-foot range, but the researchers believe that could be expanded by adding specialized antennas.
     

    The iSEC researchers are not the first to warn of vulnerabilities in femtocells, but claim to be the first to hack the femtocells of a U.S. carrier and also the first running on a wireless standard known as CDMA. Other hacking experts have previously uncovered security bugs in femtocells used by carriers in Europe.

       
    CTIA, a wireless industry group based in Washington, in February released a report that identified femtocells as a potential point of attack. John Marinho, CTIA's vice president for cybersecurity and Technology, said that the group is more concerned about other potential cyber threats, such as malicious apps. He is not aware of anycase where attacks were launched via femtocells.
     

    Still, he said, the industry is monitoring the issue: "Threats change every day.''

     

    You May Like

    Video Somali, AU Forces Face Resurgent Al-Shabab

    Somalia’s Western backers frustrated over country’s slow progress in establishing its armed forces to bring security after 25 years of chaos

    Israel Makes Push for Gaza Strip Recovery

    After years of economic blockade and attempts to disable Hamas, Israeli leaders eventually realized that Hamas’ downfall could lead to chaos or the rise of a more radical Jihadist group

    Slump in Chinese Tourists Hitting Hong Kong Retail

    Mainland Chinese account for up to three-quarters of visitors to Hong Kong, but that number is falling, and shopping centers are struggling to 'shift gears' and maintain sales

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Somali, African Union Forces Face Resurgent Al-Shababi
    X
    Henry Ridgwell
    April 28, 2016 4:20 PM
    The Islamic State terror group claimed its first attack in Somalia earlier this week, though the claim has not been verified by forces on the ground. Meanwhile, al-Shabab militants have stepped up their attacks as Somalia prepares for elections later this year. Henry Ridgwell reports there are growing frustrations among Somalia’s Western backers over the country’s slow progress in forming its own armed forces to establish security after 25 years of chaos.
    Video

    Video Somali, African Union Forces Face Resurgent Al-Shabab

    The Islamic State terror group claimed its first attack in Somalia earlier this week, though the claim has not been verified by forces on the ground. Meanwhile, al-Shabab militants have stepped up their attacks as Somalia prepares for elections later this year. Henry Ridgwell reports there are growing frustrations among Somalia’s Western backers over the country’s slow progress in forming its own armed forces to establish security after 25 years of chaos.
    Video

    Video Bangladesh Targeted Killings Spark Wave of Fear

    People in Bangladesh’s capital are expressing deep concern over the brutal attacks that have killed secular blogger, and most recently a gay rights activist and an employee of the U.S. embassy. Xulhaz Mannan, an embassy protocol officer and the editor of the country’s only gay and transgender magazine Roopban; and his friend Mehboob Rabbi Tanoy, a gay rights activist, were hacked to death by five attackers in Mannan’s Dhaka home earlier this month.
    Video

    Video Documentary Tells Tale of Chernobyl Returnees

    Ukraine this week is marking the 30th anniversary of the world's worst nuclear accident, at the Chernobyl nuclear power plant. Soviet officials at first said little about the accident, but later evacuated a 2,600-square-kilometer "exclusion zone." Some people, though, came back. American directors Holly Morris and Anne Bogart created a documentary about this faithful and brave community. VOA's Tetiana Kharchenko reports from New York on "The Babushkas of Chernobyl." Carol Pearson narrates.
    Video

    Video Nigerians Feel Bite of Buhari Economic Policy

    Despite the global drop in the price of oil, Nigerian President Muhammadu Buhari has refused to allow the country's currency to devalue, leading to a shortage of foreign exchange. Chris Stein reports from Lagos businessmen and consumers are feeling the impact as the country deals with a severe fuel shortage.
    Video

    Video  Return to the Wild

    There’s a growing trend in the United States to let old or underused golf courses revert back to nature. But as Erika Celeste reports from one parcel in Grafton, Ohio, converting 39 hectares of land back to green space is a lot more complicated than just not mowing the fairway.
    Video

    Video West Urges Unity in Libya as Migrant Numbers Soar

    The Italian government says a NATO-led mission aimed at stemming the flow of migrants from Libya to Europe could be up and running by July. There are concerns that the number of migrants could soar as the route through Greece and the Balkans remains blocked. Western powers say the political chaos in Libya is being exploited by people smugglers — and they are pressuring rival groups to come together under the new unity government. VOA's Henry Ridgwell reports.
    Video

    Video Russia’s TV Rain Swims Against Tide in Sea of Kremlin Propaganda

    Russia’s media freedoms have been gradually eroded under President Vladimir Putin as his government has increased state ownership, influence, and restrictions on critical reporting. Television, where most Russians get their news, has been the main target and is now almost completely state controlled. But in the Russian capital, TV Rain stands out as an island in a sea of Kremlin propaganda.
    Video

    Video Kurdish Town Receives Refugees but Lacks Resources

    A wave of refugees is pouring into the Kurdish town of Afrin in northern Syria as a result of fighting between rebel forces and Islamic State militants. VOA’s Amina Misto went to the town and reports local authorities are finding it difficult to cope with this influx of internally displaced people. Bronwyn Benito narrates her report.
    Video

    Video Scientists Build Human Tissue on Animal Matrix

    The question has always been, if a gecko can grow back its tail, why can't we regenerate our lost body parts? Well, maybe we can, someday. Scientists are moving towards the ability to rebuild fully functioning organs, and have made significant progress replacing muscles and other tissue.
    Video

    Video Containing Chernobyl Radiation Continues 30 Years After Explosion

    April 26 marks the 30th anniversary of the Chernobyl nuclear disaster. Hundreds were killed following the explosion and it's estimated that thousands more have died from cancers caused by the radiation. Henry Ridgwell traveled to Chernobyl and reports for VOA on the continuing efforts to decommission the site -- and on the fledgling plans for a new future in the vast exclusion zone.
    Video

    Video Frustration Builds Among Refugees Trapped at Macedonian Border

    On the Greek border with Macedonia, 12,000 refugees continue to wait. Since the route to the rest of Europe was closed last month, the makeshift camp at Idomeni has seen protests and tear gas. But while those here wait, their frustration grows — as do reports of people attempting to find new ways of continuing their journey. John Owens reports from Idomeni.
    Video

    Video Researchers: Bees Help Kenyan Farmers Fend Off Elephants

    Elephant crop-raiding continues to be a major source of human-wildlife conflict in Kenya, so one elephant researcher is helping to alleviate the problem near Tsavo East National Park with beehive fences, which use elephants’ natural aversion to bees to deter them from farms. VOA’s Jill Craig visited the area ahead of this month's Giants Club Summit, which will bring together dignitaries at Mount Kenya to find solutions to combat poaching, the No. 1 threat to elephants.

    Special Report

    Adrift The Invisible African Diaspora