Security consultants have exposed a weakness in a device sold by Verizon, which they claim could help hackers to spy on the private data of Verizon Wireless mobile phone customers.
The experts, who demonstrated their finding to Reuters, said, they could eavesdrop on Verizon Wireless customers’ calls, see photos, text messages and emails, by hacking into the U.S. carrier’s signal-boosting devices called femtocells or network extenders.
The finding has come at a time when the world is debating electronic privacy rights, after a former National Security Agency, or NSA, contractor, Edward Snowden, leaked classified information about the U. S. government's secret surveillance programs, last month.
"This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," Tom Ritter, a senior consultant with U.S. security firm iSEC Partners, told Reuters.
Ritter and his colleague, Doug DePerry, would be presenting their findings at the Black Hat and Def Con hacking conferences in Las Vegas, where more than 15,000 security experts and hackers are expected to participate, according to the Reuters report.
Femtocells, which can amplify network signals and have a 40-foot range, are sold directly by Verizon to its customers at $250.
However, Verizon Communications Ltd (NYSE:VZ) said it has updated the software on its femtocells so that the devices cannot be manipulated in the technique used by the two experts, and added that there are no reports of any customers affected by the security lapse pointed out by them.
"The Verizon Wireless Network Extender remains a very secure and effective solution for our customers," Verizon spokesman David Samberg said, in a statement, according to Reuters. However, Ritter pointed out that they can continue to spy on Verizon customers using femtocells that were hacked before the security patch was released by the company.
According to the report, the security experts also claimed that minor modifications to the device could have helped them to “weaponize it for stealth attacks by packaging all equipment needed for a surveillance operation into a backpack.”
The researchers said such compact modules could be used for spying on conversations, as they can be put in a backpack and placed near the target. This is the first time a major vulnerability has been exposed on a U.S. carrier’s femtocells, and on a CDMA-based device. However, security hackers had earlier exposed bugs in European carriers’ femtocells as well.
CTIA, a Washington-based wireless industry group, in a report released in February, had warned about the risks involved with femtocells as a potential hackers’ target.