Hacked Verizon Femtocell allows hackers to spy on Phone calls

[Acidripp]

Two Security experts from iSEC Partners have found a way to spy on Verizon wireless mobile phone customers by hacking into devices the U.S. Carrier sells to boos Wireless signals indoors.

In a demonstration for Reuters, researchers Ritter and Doug DePerry show how they are able to spy on phone calls, messages and photos made with iPhone and Android phones by using a Verizon femtocell that they had previously hacked. "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," Reuters quoted a senior consultant with the security firm iSEC Partners , Tom Ritter as saying.

In a statement, Verizon Wireless said it routinely monitors its devices for security issues, but is sometimes approached by third parties that have uncovered other security issues. iSEC "identified an issue that was fixed in March of this year on all Network Extender devices," the company said. "The fix prevents the Network Extender from being compromised in the same manner. There were no reports of any customer impact."

"The Verizon Wireless Network Extender remains a very secure and effective solution for our customers," the company continued. "Our engineers and security experts designed the Network Extender to offer the best balance of customer experience with the strongest device and network security while still protecting the safety and wireless experience of other wireless users within the coverage area for the device. We continue to proactively work to protect the Network Extender from any new, real threats if they are discovered."

Verizon reportedly updated the software on its signal-boosting devices, known as femtocells or network extenders,to thwart hackers from copying the technique of the two experts. "The Verizon Wireless Network Extender remains a very secure and effective solution for our customers" Verizon spokesperson said in a statement after they fixed the bug. However, researchers claimed their technique still works because they had modified the device before the company pushed out the software fix. Experts told Reuters that the further details will be shared at the two upcoming hacking conferences : Black Hat and DefCon.