Cellular Base Station Range Extenders Vulnerable to Attack

Low-powered cellular base stations are often found in residential homes and small businesses where mobile coverage is scant. The device, which also known as a femtocell, connects to DSL or cable connections and extends cellular coverage to a functional level where cell towers simply don’t reach. Some cellular base stations can accommodate up to 16 devices indoors or outdoors. The benefits of deploying a cellular base station include better voice quality and stronger wireless internet connections over 3G or 4G.

A few of the mobile carriers offering cellular base stations include Vodafone, SFR, AT&T, Sprint Nextel, Verizon and Mobile TeleSystems. The devices cost under a few hundred dollars and offer a significant improvement in areas with poor wireless connections.

While all this is good and dandy, researchers discovered a flaw in the firmware of a top mobile carrier that may affect up to 30 other cell network devices.

The Register reports, “Security researchers have demonstrated a flaw in femtocells that allows them to be used for eavesdropping on cellphone, email and internet traffic. The researchers bought a femtocell for $250, and used open-source software to test out the bugging attack. They also managed to boost the range of the femtocell to enable a much wider radius of data-slurping beyond the advertised 40-meter radius. Since the firmware of femtocells is seldom updated, an attacker could eavesdrop for some time before being detected.”

Once notified of the firmware flaw, carriers are supposed to communicate with base station clients with a firmware update and instructions on how to install it. However, just like a consumer’s PC not being properly updated with antivirus or operating system-critical security patches, it is doubtful many of the devices have been updated.

If you have a cellular base station deployed in your home or office, it is advised that you contact your carrier and/or search out your cellular base station’s model number to see if there is a patch—and install it. Otherwise, anyone connecting to cellular base station should employ a virtual private network software such as Hotspot Shield VPN to encrypt wireless communications.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.