back to article Femtocell flaw leaves Verizon subscribers' Wi-Fi and mobile wide open

Security researchers have demonstrated a flaw in femtocells that allows them to be used for eavesdropping on cellphone, email, and internet traffic. The hack was demonstrated on Verizon hardware, and the telco giant has issued an update to patch the vulnerability, but up to 30 other network carriers use systems with software …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    There, fixed that ..

    "The Verizon Wireless Network Extender remains is now a very secure and effective solution for our customers, ..."

  2. jonathanb Silver badge

    Does the update actually help?

    It appears that for the attack to work, you need to have physical control of the femtocell, or at least access to the LAN it is connected to; and it has to be within range of the phone you want to monitor.

    If you are required to update the firmware to stop the attack, then people who want to perform the attack will choose not to apply the update. Other people who have a femtocell at home and don't plan to perform the attack won't bother, because the fact that others don't have physical access to the femtocell or router means they don't have to worry about attacks, and if attackers do manage to find another way into their LAN, they have more pressing problems to deal with.

    1. Brian Miller

      Re: Does the update actually help?

      According to what I heard on the radio, the update was pushed out automatically by Verizon. The researchers wanted to see a more thorough fix, which would require a hardware update.

      The biggest problem is not hacking someone else's femtocell, but deploying your own femtocell for snooping other people's live phone conversations, like what people used to do with scanners before cell phones went to digital.

      1. Wzrd1 Silver badge

        Re: Does the update actually help?

        I've had a few hardware updates to my phone over the years. Most of which were pushed out remotely and rebooted the phone.

        Erm, an OS is an OS. Non-volitile storage is just that, somewhat.

    2. Wzrd1 Silver badge

      Re: Does the update actually help?

      Actually, the way the vast majority of wireless carriers operate, there is an update, you SHALL receive that update.

      I fail to see why the wireless vendor can't push an update to nvram, then apply it to flash. Especially considering that most devices that have ram of any sort have ram in excess. Be it NV or non-nvram. Add to that that many hardware drivers for PC's and other hardware have options to install as needed software at a driver level, it's far from undoable involuntarily.

      Well, until they get caught, then it's, "Oh! You did it for *my* security, OK, rape is cool now. Or something.

  3. Chairo

    "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people,"

    Ordinary people rarely attack ordinary people, the NSA however...

    1. Wzrd1 Silver badge


      "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people,"

      Ordinary people rarely attack ordinary people, the NSA however..."

      The NSA attacks *all* when observing. What happens next is limited within the US due to posse comitatus, very slightly, due to congressional action over the past decade.


  4. John Smith 19 Gold badge

    "Burn Notice" is a documentary

    Who knew?

    Joking aside. Femtocells. All the hardware you need to spoof a cell tower in a convenient package.

    Surely no one would exploit such a device for nefarious purposes?

  5. Tom 13

    Dear Mr. Ritter

    This exploit might not be the way the NSA engages in broad data collection. It might be more prevalent amongst normal people trying to slurp data from other normal people. But I assure you, that IF you were a high value target, the NSA would have no qualms about using this attack vector to gather your data. It might even be preferred to the more exotic techniques available to them for precisely the reason that it doesn't immediately point a finger at them.

  6. Anonymous Coward
    Anonymous Coward

    The great thing about a femtocell is that the carrier is always in control, those not responding to updates via the controller's push management will simply be de-authorised.

    Further, in the current generation you only manage to attach to a femto if there is absolutely NO macro network coverage, so as a general rule its easy to get off one but really hard to get onto one , even if its your own and you are in the same room with it, the netowrk will only use it as a last resort , never a first choice

This topic is closed for new posts.

Other stories you might like