Sledgstone

Your cellphone can be easily compromised

1 post in this topic

http://www.npr.org/blogs/alltechconsidered/2013/07/15/201490397/How-Hackers-Tapped-Into-My-Verizon-Cellphone-For-250
 

In the wake of the National Security Agency cyber-spying revelations, you may be worrying about the government keeping track of your digital life. But, for less than $300, a group of ordinary hackers found a way to tap right into Verizon cellphones.

This is a group of good-guy, or "white hat", hackers. They hacked the phones to warn wireless carriers that the phones have a security flaw.

I got to experience having my phone broken into. I met the hackers at a hotel room in downtown San Francisco. A moment after I stepped in, Tom Ritter pulled me over to look at a computer screen. Ritter is a security consultant for , which specializes in helping companies locate technology security flaws.

As I looked down at Ritter's laptop screen, he pointed to a number.

"Is this your phone number?" he asked.

It was. The minute I'd walked into the room Ritter had gotten into my phone.

Then, he showed me how he could listen to my conversations. I called up Nico Sell, who works with Ritter. We had a brief conversation. After I hung up, Ritter played a recording of the entire call for me.

Ritter said he was able to tap into my call with something called , also known as a wireless network extender. The one he used was made by Samsung for Verizon and cost about $250. The femtocell is about the size of a wireless router. You can buy one at Best Buy.

And, Ritter said, "Everything we did can be done with free software you can download online — nothing terribly special."

He says companies like Verizon support these devices for customers who live in rural areas or high-rise buildings and have poor cellphone reception.

"You can get these from carriers to give yourself a better signal," he said.

Ritter explained that the femtocell is basically cell phone tower; that's why it's able to pick up all the phone signals around it. In case you were wondering, it also intercepts your text messages, including photos and if you use the browser to sign into your bank's website, the device will be able to get your login and password. Yikes!

Ritter says someone has to be within around 40 feet of the femtocell for it to tap into their phone. But, given that it can fit in a purse Ritter imagines a lot of situations where getting close enough would be easy.

 

 

I originally heard this story back in July and I figured I'd post a topic about it. Cellphone companies have to ensure that people can use their service in their homes, but many newer homes have great roofing insulation.. so good that it blocks RF signals aka cellphone service as a side effect. So the cellphone companies made a product called a femtocell to give people in blackout areas or low signal areas full cellphone service. My brother had one of these when he was using Sprint. It connected to his high speed internet and he got a much better signal. These femtocells can be bought in electronic stores and online.. The range on these are small.. If someone is going to spy on you, it'll most likely be a neighbor in an apartment building where more people could be affected. Your phone will not show any roaming bars or give you any notification that you are on a femtocell (some might give you a double dial tone but only when making a call, not receiving one).. the phone will look like its on a regular connection and you will never know if someone is reading all your texts or recording your calls.

 

Now think about how easily the police or NSA can listen in..


gallery_1_23_1357354444_252.jpg

Share this post


Link to post
Share on other sites


Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • By Sledgstone
      Do any of you use a specific VPN service for privacy? If so do you recommend a specific company? My older brother uses PureVPN life time subscription and swears by it. He has all his PC's setup with it and his family's cell phones via an app. I'm not as concerned about my privacy, google already knows everything already.. but when I want to download specific things I'll use windscribe's free vpn. I've been using it off and on for a couple months and it seems to work great so far without affecting my download rates too much. I noticed this deal earlier today and I upgraded my 10 gb/month plan to 60 gb. Heres the link:
      https://slickdeals.net/f/10310132-windscribe-vpn-free-60gb-per-month-new-or-existing-accounts
      Windscribe is decent since it has a browser extension for quick toggling private browsing and a separate software that applies to everything running on the PC. Anyone else have a VPN recommendation?
    • By Sledgstone
      http://news.cnet.com/8301-1035_3-57526994-94/android-users-outraged-over-motorolas-broken-promise/
      Next phone I buy will be an HTC or a Samsung. I will never buy a Motorola phone again. I specifically bought this phone because it was on sale, it had basically the same specs as the samsung galaxy at the time and it was guaranteed to be upgraded to the latest android operating system.
      I never got that upgraded operating system. Android 2.3 is so outdated, that numerous apps are not even available for it. I cannot even run Google Chrome.. wtf. No Vine, no Time Warner app, etc. Numerous basic features on all phones are not available to me because I bought this phone with the belief that I'd only use the old operating system for another month or so. I remember when my brother's Nexus got upgraded to android 4.1, he was talking about how it was like a brand new phone again.. I was looking forward to this upgrade for so long.. and then my hopes were crushed.
      Say no to Motorola. Don't even bother buying their crap, because its completely unsupported.
    • By Sledgstone
      http://www.gamesradar.com/sony-updates-ps4s-terms-service-remove-your-privacy-jk-you-never-had-any-begin/

       
       
      This doesn't really surprise me.. I assumed they'd have full access to all the info stored on their servers. Just like Facebook and every other site. As long as they don't sell my information then I'm content with them knowing what games I play.
    • By Sledgstone

       
       
      Here is a video of Samsung's flexible screen tech from 2 years ago. Samsung, Sony and LG will all have flexible screens soon. This video was made before LG's flexible battery tech. Because there were no flexible batteries, there had to be a solid piece of the phone. Now the entire thing can be potentially flexible.
       

       
      With how thin the screens can be, it might only be a matter of time before we have tablets that are the size of a standard 12 inch ruler that have screens that can be pulled / rolled out into full size.
       
      Source:  Dailymail
       
       
      The next interesting part is gesture control. All hands free control using ultrasound.
       
       

       
      Combine these two techs and we'll have the next gen cell phones, tablets, laptops, TVs of the future.
       
      Source: Bitrebels
       
       
      The flexible screen tech got me thinking.. they could make clothing out of those screens. Imagine a camouflage suit made out of this display technology. With the proper use of numerous mini cameras the screens could display your surroundings all over the suit and blend you completely into any location.
       
      Also, with screens that thin.. once they make them bigger and higher resolution, future TVs could be sold rolled up. Apply some double sided tape to your wall, unroll the tv and stick the screen in place. And with gesture control, we wouldn't need a camera built into the TV for smart app features.
    • By Sledgstone
      I'm sure everyone has heard about this already, if not check the links below for the full information on the story:
       
      http://www.forbes.com/sites/gregorymcneal/2013/08/20/its-not-a-surprise-that-gmail-users-have-no-reasonable-expectation-of-privacy/
       

       
       
      http://www.salon.com/2013/08/14/gmail_users_have_no_reasonable_expectation_of_privacy/
       


      http://www.npr.org/templates/story/story.php?storyId=219176873

       
       
      It sounds like Google is saying that everyone's privacy is safe, except for the people that email gmail accounts from email accounts outside of google.. But wouldn't that imply that gmail user is having their incoming emails read and thus their privacy is being affected as well?
       
      The thing is, pretty much all email is insecure and people don't realize it.
       
      Whenever you send an email, it is on the server you sent it from and another copy of it is on the server it was received at. Key employees at whatever data centers those servers are located in, can access and read that email in its entirety. Emails can also be read by hosting companies, the hosting company's web host and up the chain all the way to the data center staff. The larger the corporation, the more employees that could potentially have access to your email. If you connect to a free wifi somewhere and access your email through a smartphone app that is not set for secure ssl connections, then any wifi network admin can access or log your email and any other user on that wifi system could technically access your email as long as they know how to do it. Email is not secure. All the companies that can access it have privacy policies just like google. All employees are restricted to accessing personal information and are only supposed to do it when assisting a customer with an issue. The shear bulk of email out there pretty much limits individuals from wanting to spy on you specifically, but with all these large companies data mining everything out there, I can see why people would be concerned about their data being used to profile them.
       
      From what I've seen, they don't just scan the one email when they display an ad on your page.. they give you massive storage space so it can scan all emails to target their ads for you. What do you think? Is google harvesting people's emails to add to their massive data mining operation? or are they only scanning your emails for advertisements?
       
      BTW, have you every used google maps? If you use it over the years then they know your address thats associated to your IP#.. clear your browser cache, delete all cookies, etc.. then go back to google maps, start typing your address and watch how quickly google remembers who you are. (then again, they might have changed this, I haven't tested it lately.)