Skip to main content
  1. Home
  2. Mobile
  3. News

Meet the $250 Verizon device that lets hackers take over your phone

By
femtocell verizon hack samsung
Femtocell Image used with permission by copyright holder

If you’ve never heard of a femtocell, now would be a good time to learn.

At the Black Hat hacker conference in Las Vegas, NV, on Wednesday, a pair of security researchers detailed their ability to use a Verizon signal-boosting device, a $250 consumer unit called a femtocell, to secretly intercept voice calls, data, and SMS text messages of any handset that connects to the device.

Recommended Videos

A femtocell is, basically, a miniature cell phone tower that anyone can use to boost their wireless signal in their home. Most of the major U.S. wireless carriers sell femtocells, as do other retailers, and they can typically be purchased for $150 to $250.

For a cell phone or tablet to connect to a femtocell, it must be within 15 feet of the device, and remain within 40 feet to maintain a connection, explains Doug DePerry of security firm iSEC Partners and one of the researchers who discovered the vulnerability. But when your device does connect to the femtocell, you will not know it.

femtocell-talk
Image used with permission by copyright holder

“Your phone will associate to a femtocell without your knowledge,” says DePerry. “This is not like joining a Wi-Fi network. You don’t have a choice.”

The iSEC Partners team, led by DePerry and fellow researchers Tom Ritter and Andrew Rahimi, successfully tapped into the root of two femtocells sold by Verizon and manufactured by Samsung, which allowed them to intercept SMS messages in real-time, and even record voice calls.

During a demonstration of their exploit, Ritter and DePerry showed how they could begin recording audio from a cell phone even before the call began. And the recording included both sides of the conversation. The duo also demonstrated how it could trick Apple’s iMessage – which encrypts texts sent over its network using SSL, rendering them unreadable to snoopers, including the NSA – into defaulting to SMS, allowing the femtocell to intercept the messages.

“If you block the SSL connection back home to Apple, iMessages fails over to SMS, which is plain text,” explains Ritter. “And that we can see just fine.”

In their final demonstration, DePerry and Ritter showed off their ability to “clone” a cell phone that runs on a CDMA network (like Verizon’s) by remotely collecting its device ID number through the femtocell, in spite of added security measures to prevent against cloning of CDMA phones. Once a phone is cloned to another handset – meaning the network thinks both phones are the same device, assigned to a single account – a hacker can make expensive phone calls (i.e. 1-900 numbers), or use excessive amounts of data, and the charges are all attributed to the cloning victim.

Because both the cloned phone and its evil twin device must be connected to a femtocell to work – “any femtocell,” says DePerry, not just one that’s been hacked – the cloning dangers are limited. However, when it comes to intercepting calls and text messages, the eavesdropping potential is significant – especially if someone with a hacked femtocell sets up camp in a heavily trafficked area, like Times Square, to listen in on passersby.

Fortunately for Verizon customers, the company has since issued a patch to all affected femtocells. Sprint currently offers a femtocell that is similar to the vulnerable models from Verizon, but the company has said it plans to discontinue the device. And while AT&T also offers femtocells, it requires an extra level of authentication that makes much of the iSEC Partner’s findings irrelevant. Still, says Ritter, the femtocell vulnerability is a major problem.

“It’d be easy to think this is all about Verizon,” says Ritter. “But this really about everybody. Remember, there are 30 carriers worldwide who have femtocells, and three of the four U.S. carriers.”

Ritter suggests that all carriers that offer femtocells require owners to provide a list of approved devices that are allowed to connect to their femtocell. And also prevent customers’ cell phones from connecting to any unauthorized femtocell.

Topics
Andrew Couts
Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
Best Fitbit deals: Save on Versa 4, Charge 6, and Sense 2
The Fitbit Sense 2 in moss.

One of the best fitness trackers is a great way to up your workout, though they can get expensive. Even with the current Apple deals, Apple Watch deals, and Samsung Galaxy Watch deals things can get a little expensive. Fitbit is a good fitness tracker brand to turn to if you’re looking for affordability. It has a great lineup of options, and Fitbit watches are almost always seeing a deal. In fact, right now Fitbit deals make for some of the best smartwatch deals you can shop. Below you’ll find what we feel are the best Fitbit deals to shop right now. There are several models to choose from for some savings, as well as a great deal on the Fitbit Charge 4.
Today's best Fitbit deal
Fitbit Charge 4 -- $125, was $150

While there are newer Fitbit Charge models on the market that include both the Fitbit Charge 5 and the Fitbit Charge 6, the Fitbit Charge 4 still has a lot to offer. It has all sorts of fitness and activity tracking capabilities. It can measure your resting heart rate and calorie burn throughout the day, as well as your SpO2 nightly average. The Charge 4 also uses built-in GPS to see your pace and distance during outdoor runs, rides, hikes, and other activities. You can head out for a long hike with this smartwatch, as the Charge 5 can last up to seven days on a single battery charge, and up to five hours when GPS is being used.

Read more
Best Samsung deals: The Galaxy S24 Ultra is up to $750 off
Best Android Phone 2022 Galaxy S22 Ultra in hand with S Pen feat image.

Whether you’re looking to shop TV deals, phone deals, smartwatch deals, and even tablet deals, Samsung almost always has something we could direct your attention toward. It’s regularly regarded as one of the top electronics brands, and almost always places among the best TV brands. There are a lot of Samsung deals worth shopping right now, and they cross the full spectrum of tech. We’ve done some of the heavy lifting for you and have rounded up what we feel are the best Samsung deals to shop right now. You’ll find a little bit of everything with these deals, so read onward for more details.
Samsung Galaxy Watch 4 — $150, was $200

On the surface, the Samsung Galaxy Watch 4 may look like a watch with a cool digital screen. And, of course, that'd be quite nice. But it turns out to be more of a wearable health monitor, giving you access to info on your overall fitness, running capabilities, and sleep cycles. Our Samsung Galaxy Watch 4 review compliments it for its seamless pairing with Samsung devices and its compatibility with small wrists. As you're sure to be adventuring, running, and exploring with this watch, be sure to grab one of the best Samsung Galaxy Watch 4 screen protectors to preserve its longevity.

Read more
Galaxy AI is coming to more Samsung phones very soon
A person using the Generative AI wallpapers on the Samsung Galaxy S24 Ultra.

Samsung is bringing its Galaxy AI technology to more Galaxy smartphones and tablets. This comes just months after the software was revealed with the Galaxy S24 series.

Samsung has begun rolling out Galaxy AI features to anyone with a Galaxy S22 series phone, Galaxy Z Fold 4, or Galaxy Z Flip 4. You will soon be able to download One UI 6.1 to get all of the benefits of Galaxy AI. The update appears to be rolling out in Korea now, suggesting it should hit U.S. devices very soon.

Read more