Security experts said they have managed to spy on Verizon Wireless mobile phone customers by hacking into devices sold by the US carrier, further fueling the controversy over privacy issues in the wake of the NSA leaks.
Tom Ritter and Doug DePerry demonstrated for Reuters how it is
technically possible to eavesdrop on text messages, photos and
phone calls made with an Android phone and an iPhone by using
compromised Verizon products.
The hacking requires nothing more than a femtocell, which serves
as a small cellphone tower to boost signal reception, which
Verizon sells for $250; dozens of other carriers also offer the
same technology.
The finding comes at a time of intense international debate about
privacy after former NSA analyst Edward Snowden last month blew
the whistle on a top-secret US surveillance program, known as
PRISM, which has the capability to collect and store records on
telephone and internet communications around the world.
The Verizon discovery, however, would put the power of spying
into the hands of ordinary citizens, according to the
researchers.
"This is not about how the NSA would attack ordinary people.
This is about how ordinary people would attack ordinary
people," said Tom Ritter, a senior consultant with the
security firm iSEC Partners.
Verizon announced it has updated the software on its femtocells
to thwart hackers from carrying out a similar attack on its
system.
But Ritter said diligent hackers will be able to discover other
ways to hack mobile phone customers of Verizon, as well as those
offered by other carriers.
The two researchers, who plan to give more intensive
demonstrations at the upcoming Black Hat and Def Con hacking
conferences in Las Vegas, declined to show how they were able to
compromise the software.
The researchers admitted that, with a little effort, they could
have ‘weaponized’ the system for ‘stealth attacks’ by bundling
the equipment needed for a surveillance operation into a backpack
that could be dropped near a specific target, Reuters reported.
They gave as an example “a group interested in potential
mergers might place such a backpack in Manhattan restaurants
frequented by investment bankers.”
Verizon's website said the booster device has a 40-foot range,
but the researchers believe that range could be expanded by
adding special antennas.
While the iSEC researchers admit they are not the first to
demonstrate the vulnerabilities of femtocells, they say they are
the first to hack the femtocells of an American carrier, and one
that operates on a wireless standard known as CDMA.
CTIA, a wireless industry group headquartered in Washington, in
February published a report that pointed to femtocells as a
potential point of weakness in the wireless system.
John Marinho, CTIA's vice president for cyber security and
Technology, said the group has been more concerned about other
potential attacks, such as malicious apps. He said he is unaware
of any incidences where an attack was launched via femtocells.
Still, he added, the wireless industry is monitoring the issue:
"Threats change every day," he told Reuters.