News / Science & Technology

Researchers Hack Verizon Device, Turn it Into Mobile Spy Station

A cell phone user passes a Verizon store in New York in this April 27, 2006 file photo.
A cell phone user passes a Verizon store in New York in this April 27, 2006 file photo.
TEXT SIZE - +
Reuters

Two security experts said they have figured out how to spy on Verizon Wireless mobile phone customers by hacking into devices the U.S. carrier sells to boost wireless signals indoors.
 

The finding, which the experts demonstrated to Reuters and will further detail at two hacking conferences this summer, comes at a time of intense global debate about electronic privacy, after top-secret U.S. surveillance programs were leaked by a former National Security Agency contractor, Edward Snowden, last month.

"This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people,'' said Tom Ritter, a senior consultant with the security firm iSEC Partners.
 

Verizon said it has updated the software on its signal-boosting devices, known as femtocells or network extenders, to prevent hackers from copying the technique of the two experts.
 

But Ritter said motivated hackers can still find other ways to hack the femtocells of Verizon, as well as those offered by some 30 carriers worldwide to their customers.

Femtocells, which act as tiny cellphone towers, can be purchased directly from Verizon for $250. Used models can be obtained online for about $150.  Ritter and his colleague, Doug DePerry, demonstrated for Reuters how they can eavesdrop on text messages, photos and phone calls made with an Android phone and an iPhone by using a Verizon femtocell that they had previously hacked.
 

They declined to disclose how they had modified the software on the device, saying they do not want to make it any easier for criminals to figure out similar ways to hack femtocells.

   
The two said they plan to give more elaborate demonstrations wo weeks from now at the Black Hat and Def Con hacking conferences in Las Vegas. More than 15,000 security professionals and hackers are expected to attend those conferences, which feature talks on newly found bugs in communications systems, smart TVs, mobile devices and computers that run facilities from factories to oil rigs.

 

Verizon Wireless released a Linux software update in March that prevents its network extenders from being compromised in the manner reported by Ritter and DePerry, according to company spokesman David Samberg.

"The Verizon Wireless Network Extender remains a very secure and effective solution for our customers,'' Samberg said in a statement. He said there have been no reports of customers being impacted by the bug that the researchers had identified. The company is a joint venture between Verizon Communications Inc and Vodafone Group Plc.

 

Samberg said his company uses an internal security team as well as outside firms to look for vulnerabilities in the devices it sells, before and after they are released.

   
Still, the two researchers said they are able to use the hacked femtocell to spy on Verizon phones even after Verizon released that update because they had modified the device before the company pushed out the software fix.


The researchers built their "proof of concept'' system that they will demonstrate in Las Vegas with femtocells manufactured by Samsung Electronics Co and a $50 antenna from Wilson Electronics Inc.
 

They said that with a little more work, they could have weaponized it for stealth attacks by packaging all equipment needed for a surveillance operation into a backpack that could be dropped near a target they wanted to monitor.

   
For example, a group interested in potential mergers might place such a backpack in Manhattan restaurants frequented by investment bankers. Verizon's website said the device has a 40-foot range, but the researchers believe that could be expanded by adding specialized antennas.
 

The iSEC researchers are not the first to warn of vulnerabilities in femtocells, but claim to be the first to hack the femtocells of a U.S. carrier and also the first running on a wireless standard known as CDMA. Other hacking experts have previously uncovered security bugs in femtocells used by carriers in Europe.

   
CTIA, a wireless industry group based in Washington, in February released a report that identified femtocells as a potential point of attack. John Marinho, CTIA's vice president for cybersecurity and Technology, said that the group is more concerned about other potential cyber threats, such as malicious apps. He is not aware of anycase where attacks were launched via femtocells.
 

Still, he said, the industry is monitoring the issue: "Threats change every day.''

 

You May Like

Photogallery Pope's Easter Prayer: Peace in Ukraine, Syria

Pontiff also calls for end to terrorist acts in Nigeria, violence in Iraq, and success in peace talks between Israelis and Palestinians More

Abdullah Holds Lead in Afghan Presidential Election

Country's Election Commission says that with half of the ballots counted, former FM remains in the lead with 44 percent of the vote More

Russia-Ukraine Crisis Could Trigger Cyber War

As tensions between Kyiv and Moscow escalate, so too has frequency of online attacks targeting government, news and financial sites More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Ukraine, Russia, United in Faith, Divided in Politicsi
X
Michael Eckels
April 19, 2014
There is a strong historical religious connection between Russia and Ukraine. But what role is religion playing in the current conflict? In the run-up to Easter, Michael Eckels in Moscow reports for VOA.
Video

Video Ukraine, Russia, United in Faith, Divided in Politics

There is a strong historical religious connection between Russia and Ukraine. But what role is religion playing in the current conflict? In the run-up to Easter, Michael Eckels in Moscow reports for VOA.
Video

Video Face of American Farmer is Changing

The average American farmer is now 58 years old, and farmers 65 and older are the fastest growing segment of the population. It’s a troubling trend signaling big changes ahead for American agriculture as aging farmers retire. Reporter Mike Osborne says a new report from the U.S. Census Bureau is suggesting what some of those changes might look like... and why they might not be so troubling.
Video

Video Donetsk Governor: Ukraine Military Assault 'Delicate But Necessary'

Around a dozen state buildings in eastern Ukraine remain in the hands of pro-Russian protesters who are demanding a referendum on self-rule. The governor of the whole Donetsk region is among those forced out by the protesters. He spoke to VOA's Henry Ridgwell from his temporary new office in Donetsk city.
Video

Video Drones May Soon Send Data From High Seas

Drones are usually associated with unmanned flying vehicles, but autonomous watercraft are also becoming useful tools for jobs ranging from scientific exploration to law enforcement to searching for a missing airliner in the Indian Ocean. VOA’s George Putic reports on sea-faring drones.
Video

Video New Earth-Size Planet Found

Not too big, not too small. Not too hot, not too cold. A newly discovered planet looks just right for life as we know it, according to an international group of astronomers. VOA’s Steve Baragona has more.
Video

Video Copts in Diaspora Worry About Future in Egypt

Around 10 percent of Egypt’s population belong to the Coptic faith, making them the largest Christian minority in the Middle East. But they have become targets of violence since the revolution three years ago. With elections scheduled for May and the struggle between the Egyptian military and Islamists continuing, many Copts abroad are deeply worried about the future of their ancient church. VOA religion correspondent Jerome Socolovsky visited a Coptic church outside Washington DC.
Video

Video Critics Say Venezuelan Protests Test Limits of Military's Support

During the two months of deadly anti-government protests that have rocked the oil-rich nation of Venezuela, President Nicolas Maduro has accused the opposition of trying to initiate a coup. Though a small number of military officers have been arrested for allegedly plotting against the government, VOA’s Brian Padden reports the leadership of the armed forces continues to support the president, at least for now.
Video

Video More Millenials Unplug to Embrace Board Games

A big new trend in the U.S. toy industry has more consumers switching off their high-tech gadgets to play with classic toys, like board games. This is especially true among the so-called millenial generation - those born in the 1980's and 90's. Elizabeth Lee has more from an unusual café in Los Angeles, where the new trend is popular and business is booming.
Video

Video Google Buys Drone Company

In its latest purchase of high-tech companies, Google has acquired a manufacturer of solar-powered drones that can stay in the air almost indefinitely, relaying broadband Internet connection to remote areas. It is seen as yet another step in the U.S. based Web giant’s bid to bring Internet to the whole world. VOA’s George Putic reports.
AppleAndroid