Femtocell, cellular base station

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

http://arstechnica.com/gadgets/news/201 ... -house.ars

"A femtocell is a small cellular base station designed to provide superior, short-range, indoor cellular coverage in a home or office. The idea behind femtocells is simple: the hardware tries to capture the ease of setup of a Wi-Fi network while allowing seamless connectivity for existing cell phones."

Sounds like something new to hack!
Phone customer convenience will likely expose them to security risks.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

eppik
Fame ! Where are the chicks?!
Posts: 212
Joined: 26 Mar 2006, 16:00
Location: Infinite Loop

Post by eppik »

So it's basically a cell repeater?

Post by DNR »

Hey eppik, good to see you again.

It's not the device exactly, but it is the risk it poses,

"The FAP uses a Security Gateway (SeGW) to securely connect using an IP network to a cdma2000 operator’s core network. Since the IP network (e.g., broadband connection) between the FAP and the SeGW is assumed to be un-trusted, the FAP shall be authenticated and authorized by the cdma2000 network before a FAP is allowed to provide service to the ATs."

http://www.3gpp2.org/public_html/specs/ ... mework.pdf

The point is the device (in this case FAP, Femtocell Access Point) is a point of authentication to enter a major private network - such as AT&T or Verizon's - and can be hacked to identify itself as someone else (lack of repudiation), spoof the owner of the FAP, or just snoop or cause damage by entering the network.

Then there are the customer-side exploits -

"The Femtocell Management System (FMS) is a management server that is used to configure and monitor the operation of the FAPs using TR-069 protocol as defined in [16]. A FAP is considered a Customer Premises Equipment (CPE) and the FMS is the Auto-Configuration Server in the TR-069 management architecture. The FMS may also be capable of other management operations, e.g., installing software updates on the FAPs. The FMS is typically assumed to be located inside the operator’s core network (i.e., reachable by the FAP only through the SeGW). However, in certain scenarios (e.g., the FAP is unable to connect to SeGW), the operator may have an FMS available on the public IP network (e.g., the internet) so that the FMS can connect to the FAP to re-initialize or diagnose the problem. In such cases, the FAP and the FMS in the public domain (public FMS) need to employ additional security measures to protect against the increased risk."

Whenever a device allows updates or diagnosis by the network, it opens both sides to exploits. The cellphone could be injected with a virus, by simply attacking the FAP - getting it to update the phone for you. The FAP itself could be subject to DoS or malware (sniffer to listen in?) - again - because it will trust updates if it poses as the home server.

DNR
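Added example, not part of the thread or of the 3GPP2 document quoted above: a defender-side audit of one FAP's management settings, following the quoted distinction between an FMS reachable only through the SeGW and a public FMS that needs additional measures. `Device.ManagementServer.URL` is the TR-069 ACS URL parameter; every other key, the core prefix, the host allowlist and the sample configurations are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: address range handed out inside the SeGW tunnel (operator core).
CORE_PREFIX = ipaddress.ip_network("10.64.0.0/16")
# Assumption: FMS host names the operator has actually provisioned.
ALLOWED_FMS_HOSTS = {"fms.core.operator.example", "fms-public.operator.example"}

def audit_fms(params):
    """Return findings for one FAP's management-server (FMS) settings."""
    url = urlsplit(params.get("Device.ManagementServer.URL", ""))
    host = url.hostname or ""
    try:
        addr = ipaddress.ip_address(params.get("resolved_fms_ip", ""))
    except ValueError:
        return ["FMS address missing or unparsable"]
    findings = []
    if host not in ALLOWED_FMS_HOSTS:
        findings.append(f"FMS host {host!r} is not on the operator allowlist")
    if addr not in CORE_PREFIX:
        # Public FMS: traffic crosses the untrusted IP network directly.
        if url.scheme != "https":
            findings.append("public FMS reached without TLS")
        if not params.get("pinned_fms_cert_sha256"):
            findings.append("public FMS has no pinned server certificate")
        if params.get("allow_firmware_from_public_fms", False):
            findings.append("firmware updates accepted from public FMS")
    elif not params.get("segw_tunnel_up", False):
        findings.append("core FMS address configured but SeGW tunnel is down")
    return findings

# Constructed sample configurations (not taken from any real device).
CORE_FAP = {"Device.ManagementServer.URL": "https://fms.core.operator.example/acs",
            "resolved_fms_ip": "10.64.3.20", "segw_tunnel_up": True}
PUBLIC_WEAK = {"Device.ManagementServer.URL": "http://fms-public.operator.example:7547/acs",
               "resolved_fms_ip": "203.0.113.10",
               "allow_firmware_from_public_fms": True}
PUBLIC_HARDENED = {"Device.ManagementServer.URL": "https://fms-public.operator.example/acs",
                   "resolved_fms_ip": "203.0.113.10",
                   "pinned_fms_cert_sha256": "ab" * 32,  # constructed placeholder
                   "allow_firmware_from_public_fms": False}

if __name__ == "__main__":
    for name, cfg in [("core", CORE_FAP), ("public-weak", PUBLIC_WEAK),
                      ("public-hardened", PUBLIC_HARDENED)]:
        print(name, audit_fms(cfg) or "ok")
```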
