
Thread: $250 Verizon device lets hackers take over your phone

  1. Premium Member
    xtor's Avatar
    Member #
    241487
    Join Date
    Dec 2011
    Location
    Northern Ca
    Posts
    1,280
    Liked
    130 times
    Phone
    note 2
    Premium Member
    #1

    $250 Verizon device lets hackers take over your phone

    A femtocell is a miniature cell phone tower that anyone can use to boost their wireless signal in their home. (Samsung/Verizon)

    If you’ve never heard of a femtocell, now would be a good time to learn.

    At the Black Hat hacker conference in Las Vegas, NV, on Wednesday, a pair of security researchers detailed their ability to use a Verizon signal-boosting device, a $250 consumer unit called a femtocell, to secretly intercept voice calls, data, and SMS text messages of any handset that connects to the device.

    A femtocell is, basically, a miniature cell phone tower that anyone can use to boost their wireless signal in their home. Most of the major U.S. wireless carriers sell femtocells, as do other retailers, and they can typically be purchased for $150 to $250.

    For a cell phone or tablet to connect to a femtocell, it must be within 15 feet of the device, and remain within 40 feet to maintain a connection, explains Doug DePerry of security firm iSEC Partners and one of the researchers who discovered the vulnerability. But when your device does connect to the femtocell, you will not know it.

    “Your phone will associate to a femtocell without your knowledge,” says DePerry. “This is not like joining a Wi-Fi network. You don’t have a choice.”

    The iSEC Partners team, led by DePerry and fellow researchers Tom Ritter and Andrew Rahimi, successfully tapped into the root of two femtocells sold by Verizon and manufactured by Samsung, which allowed them to intercept SMS messages in real-time, and even record voice calls.

    During a demonstration of their exploit, Ritter and DePerry showed how they could begin recording audio from a cell phone even before the call began. The recording also included both sides of the conversation.

    The duo also demonstrated how it could trick Apple’s iMessage – which encrypts texts sent over its network using SSL, rendering them unreadable to snoopers, including the NSA – into defaulting to SMS, allowing the femtocell to intercept the messages.

    “If you block the SSL connection back home to Apple, iMessage fails over to SMS, which is plain text,” explains Ritter. “And that we can see just fine.”

    In their final demonstration, DePerry and Ritter showed off their ability to “clone” a cell phone that runs on a CDMA network (like Verizon’s) by remotely collecting its device ID number through the femtocell, in spite of added security measures to prevent against cloning of CDMA phones. Once a phone is cloned to another handset – meaning the network thinks both phones are the same device, assigned to a single account – a hacker can make expensive phone calls (i.e. 1-900 numbers), or use excessive amounts of data, and the charges are all attributed to the cloning victim.

    Because both the cloned phone and its evil twin device must be connected to a femtocell to work – “any femtocell,” says DePerry, not just one that’s been hacked – the cloning dangers are limited. However, when it comes to intercepting calls and text messages, the eavesdropping potential is significant – especially if someone with a hacked femtocell sets up camp in a heavily trafficked area, like Times Square, to listen in on passersby.

    Fortunately for Verizon customers, the company has since issued a patch to all affected femtocells. Sprint currently offers a femtocell that is similar to the vulnerable models from Verizon, but the company has said it plans to discontinue the device. And while AT&T also offers femtocells, it requires an extra level of authentication that makes much of the iSEC Partners’ findings irrelevant. Still, says Ritter, the femtocell vulnerability is still a major problem.

    “It’d be easy to think this is all about Verizon,” says Ritter. “But this is really about everybody. Remember, there are 30 carriers worldwide who have femtocells, and three of the four U.S. carriers.”

    Ritter suggests that all carriers that offer femtocells require owners to provide a list of approved devices that are allowed to connect to their femtocell. And also prevent customers’ cell phones from connecting to any unauthorized femtocell.

    Read more: http://www.foxnews.com/tech/2013/08/...#ixzz2b1ICQ2gJ

    sent from a note yee (2)
  2. Master Droid
    moset's Avatar
    Member #
    119707
    Join Date
    Sep 2010
    Location
    Rural South GA
    Posts
    872
    Liked
    35 times
    Phone
    Droid 1
    #2
    We're gonna have to quit calling them black hats if they keep exposing these vulnerabilities.

    Sent from my DROID RAZR using Tapatalk 4
  3. Premium Member
    xtor's Avatar
    Member #
    241487
    Join Date
    Dec 2011
    Location
    Northern Ca
    Posts
    1,280
    Liked
    130 times
    Phone
    note 2
    Premium Member
    #3
    Quote Originally Posted by moset
    We're gonna have to quit calling them black hats if they keep exposing these vulnerabilities.

    Sent from my DROID RAZR using Tapatalk 4
    This isn't anything new, cell cloning has been around for a while, but now the thieves don't have to build a collection device, they can buy one.

    sent from a note yee (2)
  4. Master Droid
    AECRADIO's Avatar
    Member #
    354311
    Join Date
    Sep 2013
    Location
    Payson, AZ.
    Posts
    340
    Liked
    39 times
    Twitter
    @AECRADIO
    Phone
    Droid 2, Droid X, Moto-G
    #4
    This is not about cloning a phone's MEID, SIM or anything like that; this is monitoring a live call, using the hand-off actions of actual towers, and using the femto cells to steal data and record it in real time. The problem with these is on the crook's end, as they need to be close enough to capture the phone, and prevent hand-offs to the serving tower.

    If your target is close enough, the femto cell might capture the phone as a hand-off, or the tower's downlink signal will obliterate the femto cell's actual RF power and take back control of the phone without the crook knowing. Even digital RF signals are prone to the capture effect, as are all FM based radios.

    This is also where tower shadowing and reflections come into immediate play.

    If the crook is within 50 feet of his intended target, and the nearest tower is 1/2 to 1 mile away, the femto cell will probably capture the target phone, and the crime proceeds as if nothing ever occurred, but if the real tower is under a 1/4 mile, I would doubt the micro cell would garner any useful data, as the tower's signal strength would, in all probability, make the femto cell useless, and drown it out.

    All cell sites use frequency re-use in their networks; this allows a specified set of channels and data to be re-used across a carrier's entire network, saving build-out time and expense. One site has specific channels used, and these identical channels will not be re-used in the same service area, but you may find them in another town, 15 miles away though, and this is a good thing for those microcells. They can have the same channel data as a distant tower, but NOT the same channels as YOUR serving tower, which makes the criminal's job easier because of this little-known fact. Almost all 800 MHz trunked radio systems use a 45 MHz split, with the lower channel being the handset uplink TO the tower, and the higher channel being the downlink FROM the tower to your handset. The 1.9 GHz systems use a similar system, but I am unsure of the actual offset.

    All a crook needs to verify a tower's channels is to carry a sensitive frequency counter, and log every frequency the tower is transmitting, and then ignore the overhead data frequency as it is a 'constant' and does not transmit any voice data, only tower-used data that is routed back to the switch located at the carrier's main office (C.O).

    From the tower's transmitted frequencies, the crook can deduce the actual handset frequencies, and if the femto cell uses these, he can relocate to a tower that doesn't use them, to ensure he can take control of your phone without you knowing it.
    Ernest A. Erickson
    Payson, AZ.
    NCC-1701E
