Two security specialists with iSEC Partners managed to tap into some femtocells of US carrier Verizon and spy on wireless mobile phone customers.
Tom Ritter and Doug DePerry made a demonstration for Reuters in which they transformed a wireless network extender into a proper spy tool capable of capturing entire phone conversationss, intercepting voice, text and picturing messages and even data connections. For the demo, the two experts only needed a hacked Verizon femtocell, an iPhone and an Android device.
“This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people,” iSEC Partners senior consultant Tom Ritter told Reuters.
Apparently, the faulty signal-boosting devices known as femtocells, or wireless network extenders, are used by Verizon and some other 30 carriers worldwide to provide customers with wireless signal. They can be purchased directly from Verizon for $250 or procured already used from third parties for a little over $100.
These femtocells act as low-power cell towers that connect to the network of the service provider through broadband and support a number of cellphones to send all their traffic through them. They are similar to routers.
The two security researchers will provide more details about the hack at the Black Hat and Def Con conferences in Las Vegas.
Verizon said it has already updated systems to prevent hackers from using the proof-of-concept technique to spy on customers.