Security firm iSEC Partners plans to show off a proof of concept for a hacked Verizon femtocell at the upcoming Black Hat and Def Con hacking conferences in Las Vegas. The compromised femto can eavesdrop on text messages, photos and phone calls made with either Android devices or iPhones.
The firm demonstrated the hack to Reuters, and told the news service that the technology could be weaponized for a backpack attack – a backpack hack, as it were – wherein a portable femto could be concealed and dropped in any location. Effectively that would make it into a mobile listening station. While the standard femto has a 40-foot range, the researchers said that could be expanded by adding specialized antennas.
Despite the “spies like us” aspect of the tactic, the firm stressed that the danger is not from government surveillance. "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," said Tom Ritter, a senior consultant with iSEC, told Reuters.
He used as an example the idea of an investor looking for a hot tip placing such a backpack in Manhattan restaurants frequented by investment bankers.
Verizon said it has updated the femto software over-the-air to thwart the attack that iSEC has demonstrated.
"The Verizon Wireless Network Extender remains a very secure and effective solution for our customers," company spokesman David Samberg told Reuters, adding that there have been no reports of customers being impacted by any such hack to date.
iSEC however said that it can easily modify the hack to stay ahead of the firmware updates – something that they plan to prove in Las Vegas next month.