Two security experts with the firm iSEC told Reuters that they've developed a system that would allow pretty much anyone, with as little as $250 worth of equipment, to make a mobile spy station that could get illicit access to any Verizon device. Ever wanted to feel like the NSA?
The hack relies on a femtocell, a smallish mobile antenna sold by wireless carriers like Verizon and AT&T that acts like a very small cell tower. You typically use a femtocell in areas where you don't have cell service; plug it into your broadband connection and it'll deliver a strong signal with about a 40-foot range. Verizon calls their model a "Network Extender" and sells it for $250, though they can be bought used for less. This particular hack is the first on a CDMA network like Verizon's (CDMA is one kind of network protocol, used by Sprint and Verizon; T-Mobile, AT&T, and just about every European and Asian network use the GSM protocol), though there's no reason to think other networks' femtocells couldn't be similarly hacked.
The two security experts figured out a way, which they're not disclosing, to hack a Verizon femtocell and, according to Reuters, "eavesdrop on text messages, photos and phone calls made with an Android phone and an iPhone." But the most concerning thing is that these femtocells are fairly mobile; with an additional antenna to boost that 40-foot range and a mobile source of battery power, you could stick a hacked femtocell in a backpack, drop it in a crowded place, and hack into anyone who mistakenly uses the network.
It's especially insidious because unlike a Wi-Fi connection, users have no indication that they're connected to a femtocell rather than a regular tower. Cell service doesn't require a login or confirmation; it's assumed you want to be connected to your network whenever you're in range of anything that'll connect you. There's no alert for the same reason you don't get an alert when you switch from connecting to one tower to connecting to another tower: it happens too often and it's unlikely to be hacked.
But a femtocell can, apparently, be hacked. The security experts aren't saying how; they plan to disclose it in a few weeks at a pair of hacker conferences in Las Vegas, Black Hat and Def Con.
Verizon says as soon as they were made aware of the security hole, they patched their femtocells to plug the hole. The iSEC guys say their hacked femtocell still works, because they had hacked it before March, when the patch was released. That means the hack is no longer of much use to evildoers, but might indicate that hacking a femtocell isn't quite as hard as Verizon would like it to be.
NSA, CIA, FBI, 'other military and government agencies' have been exploiting for ages, lol prior to this device. If the signal is broadcast via the airwaves, it can be listened to, unless it's encrypted and/or equipped with a login and password. And since NSA has a 20 billion a year budget and 1000s of supercomputers to crash passwords and encryption, listening is easy and in real time.
This is just a poor design.
"...On the board there are two System-on-Chips, an FPGA, the radio chip, and a GPS module. There is some tamper detection circuitry which [C1de0x] got around, but he’s saving that info for a future post. In poking and prodding at the hardware he found the UART connections which let him tap into each of the SoCs which dump data as they boot. It’s running a Linux kernel with BusyBox and there are SSH and ROOT accounts which share the same password. About five days of automated cracking and the password was discovered..."
[that's brute force cracking]
"...But things really start to get interesting when he stumbles upon something he calls the “wizard”. It’s a backdoor which allows full access to the device. Now it looks like the developers must have missed something, because this is just sitting out there on the WAN waiting for someone to monkey with it. Responses are sent to a hard-coded IP address, but a bit of work with the iptables will fix that. Wondering what kind of mischief can be caused by this security flaw? Take a look at the Vodafone femtocell hacking to find out."
"Do not try and bend the spoon. That is impossible. Only try and realize the truth - there is no spoon."
Cell phone conversations have not been considered secure EVER! Why anyone would think they are is beyond me.
The sad part is silly people worried about NSA. They have been attacked by crooks using the most advanced automated tools to try to steal from them. Every company is using personal data from every mouse click to sell them junk. Companies are under attack by foreign spy machines in order to steal trade secrets. Pretty sure NSA is the least of your worries.
LoL, sure this device and more like them with a 'how to hack' tech suggestions will pan out to be a good thing.....
That's really interesting, I have one since I live in an area not covered well by Verizon. It would be kind of funny to hack it and spy on friends haha but it does show an indication that you are connected to it by showing a house icon above the signal bars.
I don't think this is that new except that maybe it is specifically Verizon hardware. Someone presented on just these topics at Blackhat in 2011 and there are numerous examples online of various researchers using femtocells from AT&T and other carriers to initiate the same kind of attacks. Unless these guys have come up with something new and super cool, this is very old news as far as information security is concerned. Just Google "femtocell imsi catcher" and you will see what I mean. They don't have to release what they have done, plenty of others have already released some very interesting techniques using much lower cost femtocells and it is not that hard to do if you are already into infosec. I think they are just trying to stick it to Verizon over the whole NSA/Snowden thing.
So if cops catch a guy with THIS in a backpack-never mind the simple things you can combine with this to make it really dangerous-does the modern American cop treat the FEDERAL RIGHTS VIOLATOR, FEDERAL THIEF, FEDERAL FRAUD as the federal level felon of the thief variety, or does the cop treat the federal criminal as a terrorist waiting to detonate something? Personally, I'll vote terrorist.
Yeah, call me a reactionary Neanderthal. Byte me. I can name many organizations that provide this cheap device's hardware as well as the devices, chips, and codes that are known to be corrupt on OEM installs; and whose specific technologies are targeted by these types of hackers--whose data is already hacked in real time by those same groups of people corrupting the OEM installs; usually in other nations. What? Think that thief is the worst that can happen to you and your phone-use debit card? While you Get Real; I could have your car key and likely your house key made. If I don't like you I can add $100K to your college bill, because it's real easy to enter debt on someone in systems. Or I could get destructive. By the time you get anyone to listen to your stark raving pleas of innocence you'd be in a cell or a homeless shelter. Maybe you could get your finances and legal fixed, but your online rep would be sourced so many layers against you that you'll have a hard time cashing your own checks drawn on a fully secured account.
Hey! At least you'd be retired. 'Cause no one would dare hire you.