![]() ![]() ![]() “Frankly, these devices scare us.”Īccording to CERT, with the older SCS-26UC4 model, attackers are able to exploit a built-in delay of the device’s bootloader to gain root access. “The level of technical skill you need to break into one of these, people are learning in college,” Ritter said in the video. A video of part of the demonstration can be seen here. A Verizon spokesman told Reuters there have been no reports of customers impacted by the bug. Ritter and DePerry demonstrated their attack for Reuters, the news agency said. According to an alert from CERT at Carnegie Mellon University, the researchers also found a separate vulnerability in the CDMA authentication code used by the femtocells that could allow an attacker to clone a mobile phone. Researchers Tom Ritter and Doug DePerry of iSEC customized a HDMI cable to exploit the vulnerability. Mobile phones within range of the femtocell will connect to it and the device acts as a cell tower and will route calls. The femtocell works as a low-power cellular base station that connects to a mobile network provider via a subscriber’s home Internet connection. The researchers said that up to 30 carriers’ hardware could be impacted, leaving many devices vulnerable. In the meantime, a firmware update released by Verizon patches the vulnerabilities in two versions of its Verizon Wireless Network Extender, models SCS-26UC4 and SCS-2U01, both made by Samsung. Two researchers from iSEC Partners are expected to provide more details on the technique at the Black Hat Briefings and DEF CON in Las Vegas in two weeks. A $250 piece of hardware known as a femtocell, used to boost mobile phone signals for consumers and small businesses, is vulnerable to a complete takeover that attackers can use to intercept Internet traffic and cell phone calls.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |