Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gaining Root Access On Linux-Based Femtocells

Posted by Soulskill on from the feel-free-to-listen-in dept.

viralMeme writes "According to the Register, 'Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.' One of the researchers said, 'After hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts, we had obtained root access on these Linux-based cellular-based devices, which piqued our curiosity [about] the security implications.' Whoever designed these devices should be sent back to computer school. An authentication device that can be bypassed is a contradiction in terms. Or, as some pen-pusher would put it in a report: an unantipicated security excursion.

15 of 102 comments (clear)

  1. it still comes down to one thing by prgrmr · · Score: 3, Insightful

    changing IP address ranges, guessing passwords

    Better passwords would have made all the difference in the world. 16 character, mixed case and symbol types would have been enough of a roadblock to prevent them from gaining access. Too many companies are still shipping products that have no intended user access to the command shell with passwords like "Admin", "12345", and the ever-popular "password". It's not like it costs more to have a longer, more complex password.

    1. Re:it still comes down to one thing by Nos. · · Score: 3, Insightful

      The problem is not what the default password is. It could be blank and still not significantly affect the security of the device. Its the admins that don't change the default password that are to blame. Lets face it, even if they ship the next device with a 16 char mixed case, special character, number containing, sufficiently random password, it will still be the default password. A simple google search of "Device model default password" will get you the default password pretty much as soon as its released.

      As an alternative, they could force a password change on first login.

    2. Re:it still comes down to one thing by blair1q · · Score: 3, Insightful

      On the other hand, a 20-digit randomized Product Key for registering your purchase is no big deal.

      Print the password on the box and make it mandatory to enter it before use. Users will get the clue and online h4xx0rs won't have a backdoor into 99% of links.

    3. Re:it still comes down to one thing by jeffmeden · · Score: 2, Insightful

      Oh, for the love of documentation!

      I think what you meant to say is there is an inherent cost to being forgetful (forgetting the password before writing it down in a safe place) or lazy (not writing it down in an safe/perpetual place.) Yes, if the alternative is leaving a password susceptible to casual attack, feel free to write the password down and lock it in your desk drawer with the IP of the device on it, and leave that post-it around for the next guy.

      Not that there aren't a ton of secure, effective tools to manage passwords out there.

    4. Re:it still comes down to one thing by mcrbids · · Score: 4, Insightful

      Too many companies are still shipping products that have no intended user access to the command shell with passwords like "Admin", "12345", and the ever-popular "password". It's not like it costs more to have a longer, more complex password.

      You think longer, complex setup doesn't cost the company money? I gather that you haven't considered support costs?

      The best solution I've seen so far is to have a strong password printed on a sticker on the outside of the box. That's a pretty good compromise because if the attacker has physical access to the box, he/she could hit the "Reset" button on the device anyway. Thus, putting the password on the bottom of the device on a sticker really isn't any less secure than other solutions, and this can be done fairly cheaply.

      But it still costs - each router has to be given its own unique password, and a process has to be set up to match up the passwords given with the stickers, and there are still more support costs from the clueless dolts who have to be told to look on the bottom of the device for the default password.

      If you assume any intelligence on the part of the end user, your support costs will quickly challenge that assumption!

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
  2. Re:So fix it by Sir_Lewk · · Score: 2, Insightful

    He also seems to be assuming that the attacker and the owner are two seperate people.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  3. Encrypt everything by Anonymous Coward · · Score: 2, Insightful

    Don't use the regular 3G voicecalls, use only encrypted VoiP. Preferebly with a microSD card filled with one-time pad

      Of course its not actually a bad thign that these are hacked, people just need to realise that their communications are not secure. just like when I use my Nokia's SIP client now I know full well that it would be easy for the person who'se WiFi i'm using to intercept my calls but I take the chance anyway.

    Femtocells rely on 'security against the user' much like DRM does, in fact a large part of the 3G/GSM network relies on people not being able to fuck around with their own equipment too much, so I am actually surprised it took this long since that client-side security model is doomed anyway

    1. Re:Encrypt everything by Sir_Lewk · · Score: 2, Insightful

      use only encrypted VoiP. Preferebly with a microSD card filled with one-time pad

      Say what? Either you don't know what a one-time pad is and are just pulling cryto terms out your ass, or you have really weird telephone habits. OTPs never make sense, unless you are a spy deep in enemy territory and you need to transmit a handful of words with perfect security to a single receiver. The logistical issues with a system like the one you are proposing are absurd.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  4. It was the business school by kiehlster · · Score: 2, Insightful

    Their computer schooling isn't the problem, it's that they've probably also gone to business school. Rule #1, always cut corners to finish the product on time.

  5. Re:Jedi Mind Trick, actually by davester666 · · Score: 5, Insightful

    The very concept of Femtocell's is bass-ackwards. You pay a carrier for wireless access, then pay again for a device to actually provide you with the wireless access, along with monthly fee's for the device and also pay for internet access so the device can connect to the carrier over the internet.

    It's like "we couldn't be bothered to actually provide you with coverage at your home/office, so would you mind building out our network for us, and pay us extra for the privilege of doing so".

    --
    Sleep your way to a whiter smile...date a dentist!
  6. Re:A couple of points ... by pr0nbot · · Score: 3, Insightful

    I'd presume (without having RTFA of course) that what is meant is that they bought a femtocell, looked at its hardware pinouts, and this helped them devise an attack that would work on any instance of that model of femtocell (without physical access).

  7. Re:Jedi Mind Trick, actually by Anonymous Coward · · Score: 1, Insightful

    The very concept of Femtocell's is bass-ackwards.

    The technical concept is fine. Its implementation at the billing level by American companies is not. The same can be said for SMS.

  8. Re:Jedi Mind Trick, actually by Foolicious · · Score: 3, Insightful

    Sorry if you got confused.

    Yeah. I was thinking that by me living in an area that is shown as having coverage on their coverage maps meant that I would...wait for it, wait for it...actually have coverage. How silly of me.

    --
    Please don't use "umm" or "err" or "erm".
  9. Re:Seriously? by owlstead · · Score: 2, Insightful

    "The real issue here is the fact that security is sometimes not taken as seriously with hardware and firmware design in commodity devices as it is with software."

    I love that last statement. It's not only not taken seriously, it is rarely programmed by someone educated on the subject. And the users of these systems are also to "blame". Even I, when browsing for a new ADSL modem, don't look at the state of the security in a device. I'll look if a router has WPA2 but that's about the extend of it. This is not strange, since it is simply not the prime use of the device. For these kind of Femto cells, no manager will select on security, but rather at cost, signal strength and manageability.

    About 3 years ago I looked at the security of an Enterprise Service Bus and literally on the last page it was stated that the software used AES 168 bit encryption (including screen shot, no less). It's not just commodity devices, it is all products that are not primarily designed with security in mind.

  10. Re:Jedi Mind Trick, actually by dgatwood · · Score: 3, Insightful

    You also pay for the power needed to operate the cell, which presumably their other customers benefit from. If they put a full cell site on your property, they'd typically pay you between $10-25,000 per year to lease the right to do so (even if it is just putting it on top of an existing structure). Why should they get to place a femtocell at your house for free merely because it runs at a lower power? At a minimum, they should give you a discount on your monthly charge and free service on that cell. Anything less is outright taking advantage of you.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.