Data security firm iSEC Partners says it has successfully hacked a Verizon residential network extender, or femtocell. The company demonstrated the hack in a video posted to Reuters. The hack allows for the interception of phone calls and texts that are transmitted through the femtocell, which acts as a mini cell tower.
iSEC Partners points out that all of the major carriers offer these types of residential femtocells and most of them are susceptible to this type of security breach. A malicous hacker could potentially take the femtocell into a urban area and pick up conversations and texts from anyone in the area whose phone transmits over the femtocell’s connection.
Tom Ritter, a senior consultant with iSEC, said in the video that this type of technology would most likely be used by people looking for mobile banking information sent via texts.
“Frankly, these devices scare us,” Ritter said in the video. “I mean this is really about not the NSA tapping ordinary people. But it’s about ordinary people attacking ordinary people.”
Ritter said his team worked very hard to exploit the device, and acknowledged that Verizon had fixed the holes in the device’s software months ago.
“However, if you give someone a computer, they’re always going to be able to break into it eventually. So securing the device to a very high standard is critical to keep as many people out of these for as long as possible.”
When reached for comment, Verizon also acknoweldged the vulnerability and said it had been fixed back in March. The company added that there were no reports of any customer impact.
“Our engineers and security experts designed the Network Extender to offer the best balance of customer experience with the strongest device and network security while still protecting the safety and wireless experience of other wireless users within the coverage area for the device,” the company said in a statement. “We continue to proactively work to protect the Network Extender from any new, real threats if they are discovered.”