Security consultants at iSEC Partners have demonstrated a security breach in femtocells made by Samsung and sold by Verizon Wireless. Although both companies say the breach has now been fixed, ISEC believes the problem may not be unique to one product or one vendor, and that as many as 30 carriers may be vulnerable.
ISEC has been able to record calls, texts and browsing history from mobile phones when they connect to the cell. Obviously this is not a big concern for femtocells used in people’s homes, but according to Infonetics Research, more than half the $425 million earned by femtocell vendors last year came from public space femtocells. Furthermore, the firm says that while only 3% of units shipped in 2012 were integrated into broadband CPE like DSL routers and gateways, these types of cells are expected to comprise half of all units by 2017.
ISEC plans to give a more detailed demonstration of these hacks later this month at the Black Hat and Def Con security conference in Las Vegas. Read more on their findings here.
