由买买提看人间百态

boards

本页内容为未名空间相应帖子的节选和存档,一周内的贴子最多显示50字,超过一周显示500字 访问原贴
PDA版 - Femtocell Hack Reveals Cell Phone Security Hole (zz)
相关主题
unlocked phone for T-mobile wifi calling内耗是怎么在微软发生的
用google 的就等死吧 (转载)阿三上位:微软正式成为纳德拉的公司 (转载)
ios偷偷记录用户的位置?nexus 6 $200 at 12:00 amazon
软软开始威胁用户了Verizon goes all in with Android, over a dozen devices revealed
我果已经补好补丁了 你猪呢Nokia的WP7电话还挺酷的
iGo on Mio310 和TomTom 720 hacked 用哪个啊三星galaxy S2不会不在tmobile出了吧
Hacks for Garmin nuvi 660?kindle fire $199
关于GPS,是不是mio比较容易hackWindows Phone Tango ROM leaks out, reveals support for more background tasks
相关话题的讨论汇总
话题: security话题: isec话题: phone话题: network话题: verizon
进入PDA版参与讨论
1 (共1页)
m*****d
发帖数: 13718
1
据说fix了,结果还是一个鸟样。基本上如果有人想搞,40ft之内可以随便截获你所有
通信
By: CNN
Updated: July 15, 2013
Tweet
NEW YORK (CNNMoney) -- An increasingly popular technology for extending cell
-phone coverage ranges had a major security hole that went undetected for
years, through which an attacker could eavesdrop on everything a target did
on their phone, according to new research released on Monday.
The research brings to light previously unknown vulnerabilities in some
models of femtocells, devices that mobile network operators use to bring
wireless service to low-coverage zones. The compact boxes, which are
typically as small as a standard cable modem, can be deployed in hard-to-
reach spots like the top of an apartment building or a home in the mountains
. Femtocells are also referred to as "network extenders," and analysts
project that as many as 50 million of them will be in use by 2014.
In a demonstration for CNNMoney, researchers at iSEC Partners, who
discovered the security hole, covertly recorded one of our phone
conversations and played it back for us. They were also able to record our
browsing history, text messages, and even view pictures we sent from one
smartphone to another by hacking the network extender.
"We see everything that your phone would send to a cell phone tower: phone
calls, text messages, picture messages, mobile Web surfing," said iSEC
Partners senior security consultant Tom Ritter.
ISEC discovered the security flaw a year ago and contacted the affected
vendors, who quickly began working on a fix. The company focused its
research on femtocells operating on Verizon's 3G CDMA network, though iSEC
believes similar holes could exist on other network extenders.
A Verizon spokesman said the problem has been repaired in all of the
femtocells it is currently using.
"The demonstration CNN saw was for an identified issue that was fixed
earlier this year on all network extender devices," the company said in a
written statement. "The fix prevents the network extender from being
compromised in the same manner."
Verizon said it has not received any customer complaints about the security
glitch.
Samsung, the company that manufactures Verizon's network extenders, also
issued a statement saying the problem has been fixed. ISEC plan to show off
more details of its hack later this month at the Black Hat security
conference in Las Vegas.
Security researchers say these kinds of flaws are inevitable. As new
technologies get more powerful, though, the risks get bigger.
"Once you first saw this product was available, you said, 'If there are any
vulnerabilities, it'll be really bad," hacker Chris Wysopal, the chief
technology officer for security software maker Veracode.
When he learned about femotcells, he says he immediately thought: "Somebody'
s bound to break this."
ISEC, which specializes in security research, says the attack it pioneered
doesn't require very sophisticated hacking.
"You do need some level of technical skills, but people are learning those
skills in college," Ritter said. "Breaking into one of these devices, or a
device like this, is within the realm of people working at home."
Security pros say that using encryption apps like Wickr, Cellcrypt, Redphone
and TextSecure can help users looking for a more secure connection. But
researchers at iSEC have resigned themselves to the idea that nothing is
confidential.
"You should assume that everything you're saying is being intercepted," said
Doug DePerry, one of the company's senior consultants. "That is a bit of a
defeatist opinion, but sometimes that has to be the way it is."
1 (共1页)
进入PDA版参与讨论
相关主题
Windows Phone Tango ROM leaks out, reveals support for more background tasks我果已经补好补丁了 你猪呢
Galaxy S III benchmarkiGo on Mio310 和TomTom 720 hacked 用哪个啊
iPhone 5 REVEALED by SmoshHacks for Garmin nuvi 660?
Android 安全: Poor SSL Implementations Leave Many Android Apps Vulnerable关于GPS,是不是mio比较容易hack
unlocked phone for T-mobile wifi calling内耗是怎么在微软发生的
用google 的就等死吧 (转载)阿三上位:微软正式成为纳德拉的公司 (转载)
ios偷偷记录用户的位置?nexus 6 $200 at 12:00 amazon
软软开始威胁用户了Verizon goes all in with Android, over a dozen devices revealed
相关话题的讨论汇总
话题: security话题: isec话题: phone话题: network话题: verizon