Verizon Wireless (NYSE:VZ) devices that the company sells to boost signal strength indoors can reportedly be hacked to reveal information detailing the activity of any phone using the device for its signal, according to two security researchers.
Since the National Security Agency scandal that revealed the government was monitoring an unsettling amount of personal information and interactions via phones and the Web, there has been heightened concern about electronic privacy. The researchers who discovered the flaw, Tom Ritter and Doug DePerry, demonstrated it to Reuters, showing how they could gain access to texts, photos, and phone calls made using the signal-boosting devices, which are also called femtocells or network extenders.
“This is not about how the NSA would attack ordinary people,” Ritter, a senior consultant with the security firm iSEC Partners, told Reuters. ”This is about how ordinary people would attack ordinary people.”
Femtocells are frequently used by homes and businesses where a wireless signal is hard to pick up or unreliable. They work by providing a small signal that can support a few phones through a broadband connection.
Verizon says that it has made software updates to prevent the type of hacking demonstrated by Ritter and DePerry, but the researchers claim the devices are still vulnerable to hackers. The company released a Linux software update in March that it says stopped the possibility of hacking. No customers have been affected by the bug yet, according to Verizon.
Ritter and DePerry will present their findings at the Black Hat and Def Con hacking conferences in Las Vegas. The two claim that with a little more work, a device can be rigged by packing up surveillance equipment in a backpack that can be left sitting near a femtocell in a public place, like a coffee shop or restaurant, which could then monitor all the phone activity of the people in the area.
Femtocells are widely used by many networks, including AT&T (NYSE:T) and Sprint (NYSE:S) in addition to Verizon, to help provide coverage to customers in trouble locations or dead zones, but the devices are coming under scrutiny because of how easy they are to hack. Despite Ritter’s assurance that this type of hack would be used by “ordinary” hackers, not the government, in the wake of the NSA scandal, the Def Con conference has advised “feds” not to attend.
Follow Jacqueline on Twitter @Jacqui_WSCS
Don’t Miss: Trend in Consolidation Continues with AT&T.