Femtocell devices, small cellular base station — or a wireless access point — that is used to improve indoor cellular reception have vulnerabilities that allow an attacker to take full control of the cell towers without the user’s knowledge. As reported by eWeek, Trustwave researchers plan to offer proof that a malicious user could tamper with a wireless device and create a fake tower in order to monitor people’s movement via the identification numbers of their cell phones.
“Femtocell devices are small cellular base stations used to increase wireless coverage in areas with limited service. Because a cell phone does not have business logic to prevent it from connecting to a wireless device acting as a tower that has been tampered with, it is possible for malicious users to abuse that trust and sniff traffic as it traverses the network.
“‘Through the theoretical attack method outlined in our talk, the attacker would compromise the femtocell device to gain full root access over the device,’ Fasel said. “As the attacker has access to the device, any services the device offers [are] subject to the attacker’s control, including voice, data, authentication and access to the femtocell’s home network.'”