You only need to hack into a cellphone signal-boosting device that Verizon sells for $250 — and you can intercept all communications coming from a nearby phone.
Two security researchers have discovered that the devices called femtocells, or network extenders (small low-power cellphone stations that can be bought to improve the signal in a house) can be easily hacked and turned into spying stations.
The finding was reported by various media outlets on Monday, and researchers will provide further detail at the Las Vegas hacking and security conferences Defcon and Black Hat, which take place back-to-back at the end of July.
The finding comes at a time of intense global debate about electronic privacy, after top-secret U.S. surveillance programs were leaked by a former National Security Agency contractor, Edward Snowden, last month.
“We can operate a cellphone tower, and see everything that your phone would send to a cellphone tower: phone calls, text messages, picture messages, mobile web surfing,” Tom Ritter, a senior consultant with the security firm iSEC Partners said. “We can see and record it all.”
Ritter and his colleague Doug DePerry hacked the software running on the device, intercepting all calls made or received within 40 feet of the device and transmitting the data to a connected computer.
The issue was reported by the researchers to Verizon in early 2013 and the company claims that they fixed the issue in March, according to spokesman David Samberg. He added that no customers were affected by the exploit.
But Ritter said motivated hackers can still find other ways to hack the femtocells of Verizon, as well as those offered by some 30 carriers worldwide to their customers.
The researchers built their “proof of concept” system that they will demonstrate in Las Vegas with femtocells manufactured by Samsung Electronics Co and a $50 antenna from Wilson Electronics Inc.
They said that with a little more work, they could have weaponized it for stealth attacks by packaging all equipment needed for a surveillance operation into a backpack that could be dropped near a target they wanted to monitor.
Femtocells, which act as tiny cellphone towers, can be purchased directly from Verizon for $250. Used models can be obtained online for about $150.
It’s easy to imagine how a hacked femtocell could be abused by someone with malicious intentions. The devices are so small — the size of a router — that they can be carried around in a pocketbook, intercepting all communications in a 40-feet radius. Ritter and DePerry believe this reach can be extended even further using more powerful antennas.
This is not the first time that femtocells have been exploited by hackers and turned into surveillance devices. In 2011, the group The Hacker’s Choice showed that Vodafone femtocells marketed in the UK could be used to tap into nearby cellphones.