TimesToCome

Geekiness and life on the third coast

DefCon notes: Fake Cell Towers




All the examples of using Femtocells to create fake cell towers were done using Version units. Root access was gained by crashing during boot and getting dropped into a shell. This vulnerability has been patched, none are yet known for ATT.

The Femtocells were rooted and Snort, TCP Dump, and WireShark were added to watch the traffic.

Interesting asides:
Your phone mic sends data before the call is connected.
Browser connections are sent in plain text

Juniper Mobile Threats Paper
Do it yourself cellular IDS