Black Hat 2013: mobile femtocell completely compromised
As part of the demo of the show, the organizers of the attack gathered data about voice calls, SMS-message is displayed, posted by volunteers in the viewers hall. Obviously, with such systems can deal with the wiretapping business rivals, collect data on bank cards and engage in other illegal activities. Organizers attacks say that Verizon notified in advance about the vulnerabilities and the operator has removed them, but around the world still operate tens of thousands of femtocells prone to vulnerabilities.
DePerri Douglas, one of the authors of the attack, said that the U.S. carriers, seeing the system in action, readily went on cooperation, but not the fact that the rest of us would have done as well. In addition, DePerri says that featured hack femtocell is open and can be easily upgraded as to pass even on upgraded networks.
"Danger femtocell is that your phone will automatically connect to it, you have no choice, if the network is there, phone is connected to it without notice, it's not WiFi, but a kind of continuation of the cellular signal on the local station, "- says DePerri. To avoid attacks from the femtocell to iSEC developed a special mobile application that transforms a cell phone in aircraft mode when an emitter femtocell .
In addition, the developers say that some models of Android-smartphone notify users about the transition to the femtocell, but it makes only a few models.
.jpg)
