Rogue femtocells could be used to steal user data

Criminal gangs have become increasingly interested in smartphones as they become capable of running sophisticated mobile banking and payment applications. This, according to a mobile security expert, has prompted activity involving femtocells and other technologies in renewed attempts to steal private information.

Dr. Bjoern Rupp, CEO of GSMK CryptoPhone, claims that these attacks are now possible using low-cost equipment, whereas only a few years ago it would have needed very expensive monitoring kit only affordable by government security agencies. "In the old-world of mobile telecoms you would need US$50,000 to buy measurement equipment from the likes of Rohde & Schwarz for such an attack. Now your commercial IPX software allows you to run a base station on Linux and simulate a GSM cell," said Rupp.

According to Rupp, a spoofed femtocell is one approach to running man-in-the-middle attacks on mobile networks but suffers from practical obstacles. Most femtocells are 3G, and the 3G standard requires mutual authentication (so the network must authenticate itself to the handset and via versa) so it's much harder to pretend to be a node on that network. 2G GSM networks only authenticate in one direction, with the SIM proving its identity to the network.

Rupp said hackers could force smartphones connected to a rogue femtocell to fall back and use GSM. "A determined adversary could push targeted devices into GSM mode," he explained. He added that this type of attack was more potent than much-publicised Evil Twin-style rogue Wi-Fi hot spot attacks.

"In the Wi-Fi area users generally make an active decision to connect to a network. With the rogue base station attack, users will not realise they have entered a trap. The phone will simply think it has entered a new cell with a strong signal, and will begin talking to a rogue base station automatically."

For more on this story:
The Register

Related stories:
Smartphones become target for cyber criminals
3G femtocell with embedded Wi-Fi support unveiled
T-Mobile to test femtocell interop - for 6 months
Sony and Toshiba join Femto Forum; femtocell business case outlined