Answer

Femtocell security: Defending against a femtocell hack

Interesting research was disclosed at Black Hat 2013 regarding how femtocells can be hacked. Many enterprises use such devices to boost cellular signals inside large buildings, so are there any practical security concerns for enterprises?

    Requires Free Membership to View

Ask the expert

Perplexed about network security? Send your enterprise threat-related questions today! (All questions are anonymous.)

The security concerns surrounding cellular networking for enterprises have changed significantly in the last three years, especially since Kristin Paget did a presentation at DEF CON 18 on eavesdropping and recording Global System for Mobile Communication cell phone calls. At the time, an attack of this nature could cost thousands of dollars and required significant skill. Nowadays, however, this attack can be easily achieved with a free femtocell from a cellular provider. As with all advanced attacks or security research, tools and techniques have improved and extended so that they can be used by other security professionals for their work and then eventually by script kiddies or common criminals.

At Black Hat 2013, Tom Ritter, Doug DePerry and Andrew Rahimi of iSEC Partners presented "Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell," where they demonstrated how to use a femtocell to attack devices connecting to the cellular network. They demonstrated attacks on voice, Short Message Service, Multimedia Messaging Service, data, and phone cloning.

While cellular communications are presumed to be more secure than other types of wireless connections, Paget and Ritter, DePerry and Rahimi have demonstrated enterprises should never make that assumption.

In their presentation, Ritter, DePerry and Rahimi recommended a number of steps to protect communications using Code-Division Multiple Access cellular networks. Enterprises should follow their advice by hardening the femtocell systems, implementing phone registration on the femtocell, or using end-to-end encryption to secure the communication regardless of the network used.

This was first published in January 2014

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: