Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Microcell Disassembly; Security Flaws Exposed

Posted by Unknown on Wednesday April 4, 2012 @04:20AM from the bind-all-the-addresses dept.

CharlyFoxtrot writes "The geeks over on the fail0verflow blog took apart an AT&T Microcell device which is 'essentially a small cell-tower in a box, which shuttles your calls and data back to the AT&T mothership over your home broadband connection.' They soon uncovered some real security issues including a backdoor : 'We believe that this backdoor is NOT meant to be globally accessible. It is probably only intended to be used over the IPSEC tunnel which the picoChip SoC creates. [...] Unfortunately, they set up the wizard to bind on 0.0.0.0, so the backdoor is accessible over the WAN interface.'"

3 of 82 comments (clear)

Min score:

Reason:

Sort:

Backdoor? by Anonymous Coward · 2012-04-04 04:32 · Score: 5, Insightful

AT&T's customers routinely take it in the backdoor from the company already so they just figured that no one would notice in this case.
Re:Improved Roaming by TFoo · 2012-04-04 04:45 · Score: 4, Insightful

Actually, you're incorrect in your thinking. They were required to put GPS in it for E911 to work and the device will not function until the GPS location is verified. As the owner of a microcell I can tell you that GPS reception is the biggest #$@!@# pain in the ass for the thing in general. I have a metal roof at home and the microcell will only activate for me if I hang the device in the skylight.
Re:So what incentive do people have to get these? by Anonymous Coward · 2012-04-04 04:50 · Score: 2, Insightful

You obviously don't have AT&T. If you did you would see the foolishness in your question.