[ISN] Researchers Uncover Security Vulnerabilities in Femtocell Technology

InfoSec News alerts at infosecnews.org
Wed Feb 3 00:16:29 CST 2010 

http://www.eweek.com/c/a/Security/Researchers-Uncover-Security-Vulnerabilities-in-Femtocell-Technology-760682/

By Brian Prince
eWEEK.com
2010-02-01

Two Trustwave security consultants report they have uncovered hardware 
and software vulnerabilities in femtocell devices that can be used to 
take over the device. The duo will present their findings at the 
ShmooCon conference in Washington.

Researchers with Trustwave have discovered flaws in the hardware and 
software of femtocell devices that can allow an attacker to take full 
control of the miniature cell towers without the user's knowledge.

Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's 
SpiderLabs, will present their findings at ShmooCon, held Feb. 5 to 7 in 
Washington.

"Our original [area of] curiosity was whether these devices could be 
utilized to supplement cellular deployment in third-world countries 
(such as the OpenBTS+Asterisk project) in a much cheaper package ($250 
compared to over $1,200 for a USRP hardware device plus server costs)," 
Fasel explained. "After hours of sniffing traffic, changing IP address 
ranges, guessing passwords and investigating hardware pinouts, we had 
obtained root access on these Linux-based cellular-based devices, which 
piqued our curiosity [about] the security implications."

Femtocell devices are small cellular base stations used to increase 
wireless coverage in areas with limited service. Because a cell phone 
does not have business logic to prevent it from connecting to a wireless 
device acting as a tower that has been tampered with, it is possible for 
malicious users to abuse that trust and sniff traffic as it traverses 
the network.

"Through the theoretical attack method outlined in our talk, the 
attacker would compromise the femtocell device to gain full root access 
over the device," Fasel said. "As the attacker has access to the device, 
any services the device offers [are] subject to the attacker's control, 
including voice, data, authentication and access to the femtocell's home 
network."

[...]

More information about the ISN mailing list