News / Science & Technology

    Researchers Hack Verizon Device, Turn it Into Mobile Spy Station

    A cell phone user passes a Verizon store in New York in this April 27, 2006 file photo.
    A cell phone user passes a Verizon store in New York in this April 27, 2006 file photo.
    Reuters

    Two security experts said they have figured out how to spy on Verizon Wireless mobile phone customers by hacking into devices the U.S. carrier sells to boost wireless signals indoors.
     

    The finding, which the experts demonstrated to Reuters and will further detail at two hacking conferences this summer, comes at a time of intense global debate about electronic privacy, after top-secret U.S. surveillance programs were leaked by a former National Security Agency contractor, Edward Snowden, last month.

    "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people,'' said Tom Ritter, a senior consultant with the security firm iSEC Partners.
     

    Verizon said it has updated the software on its signal-boosting devices, known as femtocells or network extenders, to prevent hackers from copying the technique of the two experts.
     

    But Ritter said motivated hackers can still find other ways to hack the femtocells of Verizon, as well as those offered by some 30 carriers worldwide to their customers.

    Femtocells, which act as tiny cellphone towers, can be purchased directly from Verizon for $250. Used models can be obtained online for about $150.  Ritter and his colleague, Doug DePerry, demonstrated for Reuters how they can eavesdrop on text messages, photos and phone calls made with an Android phone and an iPhone by using a Verizon femtocell that they had previously hacked.
     

    They declined to disclose how they had modified the software on the device, saying they do not want to make it any easier for criminals to figure out similar ways to hack femtocells.

       
    The two said they plan to give more elaborate demonstrations wo weeks from now at the Black Hat and Def Con hacking conferences in Las Vegas. More than 15,000 security professionals and hackers are expected to attend those conferences, which feature talks on newly found bugs in communications systems, smart TVs, mobile devices and computers that run facilities from factories to oil rigs.

     

    Verizon Wireless released a Linux software update in March that prevents its network extenders from being compromised in the manner reported by Ritter and DePerry, according to company spokesman David Samberg.

    "The Verizon Wireless Network Extender remains a very secure and effective solution for our customers,'' Samberg said in a statement. He said there have been no reports of customers being impacted by the bug that the researchers had identified. The company is a joint venture between Verizon Communications Inc and Vodafone Group Plc.

     

    Samberg said his company uses an internal security team as well as outside firms to look for vulnerabilities in the devices it sells, before and after they are released.

       
    Still, the two researchers said they are able to use the hacked femtocell to spy on Verizon phones even after Verizon released that update because they had modified the device before the company pushed out the software fix.


    The researchers built their "proof of concept'' system that they will demonstrate in Las Vegas with femtocells manufactured by Samsung Electronics Co and a $50 antenna from Wilson Electronics Inc.
     

    They said that with a little more work, they could have weaponized it for stealth attacks by packaging all equipment needed for a surveillance operation into a backpack that could be dropped near a target they wanted to monitor.

       
    For example, a group interested in potential mergers might place such a backpack in Manhattan restaurants frequented by investment bankers. Verizon's website said the device has a 40-foot range, but the researchers believe that could be expanded by adding specialized antennas.
     

    The iSEC researchers are not the first to warn of vulnerabilities in femtocells, but claim to be the first to hack the femtocells of a U.S. carrier and also the first running on a wireless standard known as CDMA. Other hacking experts have previously uncovered security bugs in femtocells used by carriers in Europe.

       
    CTIA, a wireless industry group based in Washington, in February released a report that identified femtocells as a potential point of attack. John Marinho, CTIA's vice president for cybersecurity and Technology, said that the group is more concerned about other potential cyber threats, such as malicious apps. He is not aware of anycase where attacks were launched via femtocells.
     

    Still, he said, the industry is monitoring the issue: "Threats change every day.''

     

    You May Like

    Turkey, US Splits Deepen Over Support for Kurdish Militants

    Ankara summons American ambassador to protest remarks by State Department spokesman who said Washington does not consider Syria's Kurdish Democracy Union Party (PYD) a terrorist organization

    Obama Seeking $19 Billion for National Cybersecurity

    Move, touted as attempt to build broad, cohesive federal response to cyberthreats, calls for increase in cybersecurity spending across all government agencies

    Video Foreign Policy Weighs Heavy for Some US Voters

    VOA talks to protesters in Manchester, New Hampshire, who sound off on foreign policy issues such as the Guantanamo Bay prison, the Israeli-Palestinian conflict and the wars in Iraq, Syria and Yemen

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Valentine's Day Stinks for Lebanese Clownsi
    X
    February 09, 2016 8:04 PM
    This weekend, on Valentine's Day in Lebanon, love is not the only thing in the air. More than half a year after the country's trash crisis began, the stink of uncollected garbage remains on the streets. Step forward "Clown Me In," a group of clowns who use their skills for activism. Before the most romantic day of the year the clowns have released their unusual take on love in Lebanon -- in a bid to keep the pressure up and get the trash off the streets. John Owens reports from Beirut.
    Video

    Video Valentine's Day Stinks for Lebanese Clowns

    This weekend, on Valentine's Day in Lebanon, love is not the only thing in the air. More than half a year after the country's trash crisis began, the stink of uncollected garbage remains on the streets. Step forward "Clown Me In," a group of clowns who use their skills for activism. Before the most romantic day of the year the clowns have released their unusual take on love in Lebanon -- in a bid to keep the pressure up and get the trash off the streets. John Owens reports from Beirut.
    Video

    Video Rocky Year Ahead for Nigeria Amid Oil Price Crash

    The global fall in the price of oil has rattled the economies of many petroleum exporters, and Africa’s oil king Nigeria is no exception. As Chris Stein reports from Lagos, analysts are predicting a rough year ahead for the continent’s top producer of crude.
    Video

    Video Foreign Policy Weighs Heavy for Some US Voters

    VOA talks to protesters in Manchester, New Hampshire who sound off on foreign policy issues such as the Guantanamo Bay Prison, the Israeli-Palestinian conflict, Middle East Affairs and national security.
    Video

    Video 'No Means No' Program Targets Sexual Violence in Kenya

    The organizers of an initiative to reduce and stop rape in the informal settlements around Kenya's capital say their program is having marked success. Girls are taking self-defense classes while the boys are learning how to protect the girls and respect them. Lenny Ruvaga reports from Nairobi.
    Video

    Video New Hampshire Voters Are Independent, Mindful of History

    Once every four years, the northeastern state of New Hampshire becomes the center of the U.S. political universe with its first-in-the-nation presidential primary. What's unusual about New Hampshire is how seriously the voters take their role and the responsibility of being among the first to weigh in on the candidates.
    Video

    Video Chocolate Lovers Get a Sweet History Lesson

    Observed in many countries around the world, Valentine’s Day is sometimes celebrated with chocolate festivals. But at a festival near Washington, the visitors experience a bit more than a sugar rush. They go on a sweet journey through history. VOA’s June Soh takes us to the festival.
    Video

    Video 'Smart' Bandages Could Heal Wounds More Quickly

    Simple bandages are usually seen as the first line of attack in healing small to moderate wounds and burns. But scientists say new synthetic materials with embedded microsensors could turn bandages into a much more valuable tool for emergency physicians. VOA’s George Putic reports.
    Video

    Video Bhutanese Refugees in New Hampshire Closely Watching Primary Election

    They fled their country and lived in refugee camps in neighboring Nepal for decades before being resettled in the northeastern U.S. state of New Hampshire -- now the focus of the U.S. presidential contest. VOA correspondent Aru Pande spoke with members of the Bhutanese community, including new American citizens, about the campaign and the strong anti-immigrant rhetoric of some of the candidates.
    Video

    Video Researchers Use 3-D Printer to Produce Transplantable Body Parts

    Human organ transplants have become fairly common around the world in the past few decades. Researchers at various universities are coordinating their efforts to find solutions -- including teams at the University of Pennsylvania and Rice University in Houston that are experimenting with a 3-D printer -- to make blood vessels and other structures for implant. As VOA’s Greg Flakus reports from Houston, they are also using these artificial body parts to seek ways of defeating cancerous tumors.
    Video

    Video Helping the Blind 'See' Great Art

    There are 285 million blind and visually impaired people in the world who are unable to enjoy visual art at a museum. One New York photographer is trying to fix this situation by making tangible copies of the world’s masterpieces. VOA correspondent Victoria Kupchinetsky was there as visually impaired people got a feel for great art. Joy Wagner narrates her report.
    Video

    Video German Artists to Memorialize Refugees With Life Jacket Exhibit

    Sold in every kind of shop in some Turkish port towns, life jackets have become a symbol of the refugee crisis that brought a million people to Europe in 2015.  On the shores of Lesbos, Greece, German artists collect discarded life jackets as they prepare an art installation they plan to display in Germany.  For VOA, Hamada Elrasam has this report from Lesbos, Greece.
    Video

    Video E-readers Help Ease Africa's Book Shortage

    Millions of people in Africa can't read, and there's a chronic shortage of books. A non-profit organization called Worldreader is trying to help change all that one e-reader at a time. VOA’s Deborah Block tells us about a girls' school in Nairobi, Kenya where Worldreader is making a difference.
    Video

    Video Genius Lets World Share Its Knowledge

    Inspired by crowdsourcing companies like Wikipedia, Genius allows anyone to edit anything on the web, using its web annotation tool
    Video

    Video In Philippines, Mixed Feelings About Greater US Military Presence

    In the Philippines, some who will be directly affected by a recent Supreme Court decision clearing the way for more United States troop visits are having mixed reactions.  The increased rotations come at a time when the Philippines is trying to build up its military in the face of growing maritime assertiveness from China.  From Bahile, Palawan on the coast of the South China Sea, Simone Orendain has this story.