How Hackers Tapped Into My Cellphone For Less Than $300
DAVID GREENE, HOST:
And we're not done with tech news yet. Let's consider some of the issues raised in the wake of the recent NSA surveillance leaks. If you're worried about your digital life, some hackers say they can help. For less than $300, they can tap right into your cell phone. They call themselves quote, "good hackers," and they say they're trying to warn cell phone carriers that more needs to be done about security.
RENEE MONTAGNE, HOST:
NPR's Laura Sydell decided to see what the group is all about.
LAURA SYDELL, BYLINE: I went to a hotel room in downtown San Francisco to meet these hackers. A moment after I walked in, Tom Ritter takes me over to look at a laptop screen.
TOM RITTER: Is this your phone number right here?
SYDELL: What am I looking at? Yes, that is my phone number. How did you know that was my phone number?
RITTER: You've associated to the device and we are picking up your phone.
SYDELL: Already? You mean, like, the minute I walked in the room?
RITTER: Pretty much. Yeah.
SYDELL: Oh my god.
Phew. Thank goodness, Ritter is a good guy - he's a security consultant for iSEC Partners, a firm that specializes in finding security flaws to help business. Not only has Ritter got my number, he can listen in on my calls.
Hey, Nico. How are you?
I give a call to Nico Sell, who works with Ritter.
Do you usually come to San Francisco? Is it typical or atypical?
We chat for a couple of minutes.
NICO SELL: Bye.
SYDELL: Then, I walk back over to Ritter's laptop. No one in the room here could hear Sell's side of the conversation. But, Ritter could. He plays it back to me.
Hey, Nico. How are you?
SELL: Great. How you doing, Laura?
SYDELL: Ritter says he was able to tap into my call with something called a femtocell. It cost him about $250.
RITTER: It's a small device about the size of a wireless router you'd pick up at Best Buy, and if you have poor cell phone reception in your home, you live in a rural area or a high rise building, you can get these from carriers to give yourself a better signal.
SYDELL: Ritter says the femtocell is basically a cell phone tower - that's why it's able to pick up all the phone signals around it. In case you were wondering, it also intercepts your text messages, including photos and if you use the browser to sign in to a site - say your bank.
RITTER: And you can see it pop up right there.
SYDELL: So I can see what your password was and I can see what your sign in was.
Ritter says someone has to be within around 40 feet of the femtocell for it to tap into their phone. But, given that it can fit in a purse, Ritter imagines a lot of situations where getting close enough would be easy.
RITTER: A lady goes out to, you know, bar in downtown D.C. You know, at this place a whole bunch of congressmen are hanging out.
SYDELL: This is beginning to sound like the beginning of a joke, but go ahead.
RITTER: She happens to pick up a whole bunch of picture messages. It doesn't take a whole lot of stretch of the imagination to see that there's a lot of potential here for targeting high profile individuals or just ordinary people.
SYDELL: In case you're wondering, the lady with the purse could be in a different room - the femtocell will pick up a signal through most walls.
This particular femtocell taps into Verizon phones - though he says that he could probably find a similar problem with femtocells that work with other providers. Since Ritter is trying to help these companies, he told Verizon about the hack.
David Samberg, a spokesperson for Verizon, says they patched the flaw in the femtocells without customers realizing it.
DAVID SAMBERG: It was an over-the-air software push in that all of the devices received the software upgrade. So what they did when you walked into that room can't be done any longer.
SYDELL: But, Ritter and other security analysts don't agree that the problem has really been fixed - notably they were able to tap into my phone. Ritter is going to be part of a presentation at Defcon - a conference for hackers. iSEC and Ritter were chosen to present because Defcon organizers have always believed that these femtocells, which have been on the market for a few years, were vulnerable because they mimic cell phone towers.
Chris Wysopal, the CTO of the security firm Veracode, sits on the committee that picked Ritter to present at Defcon.
CHRIS WYSOPAL: With the way that these devices work, it is a point of vulnerability because, you know, it's a physical device that an attacker can get their hands on, they can open it up. That's not something you can do with a cell tower, obviously, because it's a locked building with, you know, fences around it.
SYDELL: Verizon says it has its own team of security experts who are regularly looking for vulnerabilities in their hardware and software, but that it's a constant battle. Like building a better safe at a bank, it will deter more people but nothing is perfect.
SYDELL: Ritter of iSEC says there are much better fixes than what Verizon has done, but they cost a lot more money. In the meantime, Ritter says...
RITTER: I make sure that I don't send anything over the phone that I wouldn't be comfortable with someone else seeing.
SYDELL: As for me, I left that interview feeling a lot more paranoid.
Laura Sydell, NPR News, San Francisco. Transcript provided by NPR, Copyright NPR.