Femtocell Verizon hack allows exposure of phone conversations, text messages

Hacking into mobile phones isn’t anything new, but a recently-discovered hacking trick has gone undetected for years, and it has opened doors for hackers to expose phone conversations, text messages, and even web browser activity. Research has revealed that low-cost low-power cell base stations called femtocells have been able to hack into mobile phones for years.

Femtocells are devices that bring wireless service to low-coverage zones and hard-to-reach spots that a regular cell tower couldn’t reach to. You may not have had a need for one if you’ve been living in the a city for most of your life, but analysts predict that 50 million of them may possibly be in use by the time next year rolls around.

Security consultant for iSEC Partners Tom Ritter was able to hack into NPR host Laura Sydell’s phone to find out her phone number and when she called someone, with the ability to record and playback the entire conversation with ease. Ritter says he was able to do it all with some free software and a $250 femtocell that you can buy at Best Buy.

Ritter points out that he’s able to “see everything that your phone would send to a cell phone tower,” and this includes phone calls, text messages, picture messages, and mobile web surfing. Ritter was using a Verizon femtocell at the time, and the wireless carrier says that they have patched all of their femtocells since then, but other carriers’ models could still be left open.

How easy is it to hack into someone’s phone using a femtocell? iSEC doesn’t provide details, but Ritter notes that “you do need some level of technical skills, but people are learning those skills in college.” However, “breaking into one of these devices, or a device like this, is within the realm of people working at home.” Ritter will be presenting his femtocell findings later in August at this year’s DefCon hacking conference.

VIA: CNN Money